Vulnerabilites related to Microsoft - Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
cve-2022-24513
Vulnerability from cvelistv5
Published
2022-04-15 19:03
Modified
2025-01-02 18:51
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.49 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:56.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.49", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.27", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.23", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2019 for Mac version 8.10", vendor: "Microsoft", versions: [ { lessThan: "8.10.24", status: "affected", version: "8.1.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.16", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.12", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { lessThan: "17.1.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2022 for Mac version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.3", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.49", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.7.27", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.23", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:macos:*:*", versionEndExcluding: "8.10.24", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.16", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.12", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.1.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.3", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-04-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:51:46.747Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24513", datePublished: "2022-04-15T19:03:40", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T18:51:46.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41119
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.10 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41119", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:17:21.236549Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-07T13:57:30.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.10", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.51", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.21", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.3", vendor: "Microsoft", versions: [ { lessThan: "17.3.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.16", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.10", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.51", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.21", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.3.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.16", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:56.482Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41119", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:56.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42277
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1306/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1809 |
Version: 10.0.0 < 10.0.17763.2300 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:37.813Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2300", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2300", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2300", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "10.0.18363.1916", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*", ], platforms: [ "x64-based Systems", "ARM64-based Systems", "32-bit Systems", ], product: "Windows 10 Version 21H1", vendor: "Microsoft", versions: [ { lessThan: "10.0.19043.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2022", vendor: "Microsoft", versions: [ { lessThan: "10.0.20348.350", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "10.0.19041.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "10.0.19041.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19042.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1348:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19041.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*", ], platforms: [ "x64-based Systems", "ARM64-based Systems", ], product: "Windows 11 version 21H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.22000.318", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1507", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19119", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4770", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4770", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4770", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.41", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.21", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.13", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.6", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "27550.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:57.294Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", }, ], title: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42277", datePublished: "2021-11-10T00:47:02", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:37.813Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36792
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36792", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T14:00:38.974579Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T14:00:45.881Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2016", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2012", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows Server 2022", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.03", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for ARM64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows Server 2019", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2016", "Windows 10 Version 1607 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2012 R2", "Windows Server 2012", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.03", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:33.725Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36792", datePublished: "2023-09-12T16:58:40.779Z", dateReserved: "2023-06-27T15:11:59.871Z", dateUpdated: "2025-01-01T02:04:33.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21986
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
.NET Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) |
Version: 15.0.0 < 16.9.17 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.541Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.17", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.10", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.6", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2019 for Mac version 8.10", vendor: "Microsoft", versions: [ { lessThan: "8.10.18", status: "affected", version: "8.1.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.14", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.2", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.17", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.10", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.6", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:macos:*:*", versionEndExcluding: "8.10.18", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "5.0.14", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.2", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:16.455Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986", }, ], title: ".NET Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21986", datePublished: "2022-02-09T16:36:32", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:16.455Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21172
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-02-21 20:28
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.69 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21172", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:36.041Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.69", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.43", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.22", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.17", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.10", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.24252.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 8.0", vendor: "Microsoft", versions: [ { lessThan: "8.0.12", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 9.0", vendor: "Microsoft", versions: [ { lessThan: "9.0.1", status: "affected", version: "9.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.69", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.43", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.24252.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "8.0.12", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "9.0.1", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-21T20:28:51.920Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172", }, ], title: ".NET and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21172", datePublished: "2025-01-14T18:04:38.469Z", dateReserved: "2024-12-05T21:43:30.760Z", dateUpdated: "2025-02-21T20:28:51.920Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30184
Vulnerability from cvelistv5
Published
2022-06-15 21:52
Modified
2025-02-28 19:57
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30184 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.6 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.782Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184", }, { name: "FEDORA-2022-cd37732349", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/", }, { name: "FEDORA-2022-5508547b1e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-30184", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:47.451932Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:57:01.224Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.6", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.26", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.22", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2019 for Mac version 8.10", vendor: "Microsoft", versions: [ { lessThan: "17.0.2", status: "affected", version: "8.1.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.16", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.11", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.4", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "NuGet.exe", vendor: "Microsoft", versions: [ { lessThan: "6.2.0", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2022 for Mac version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.2", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.6", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.26", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.22", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:macos:*:*", versionEndExcluding: "17.0.2", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.16", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.11", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.4", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*", versionEndExcluding: "6.2.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.2", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:10.967Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30184", }, ], title: ".NET and Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30184", datePublished: "2022-06-15T21:52:20.000Z", dateReserved: "2022-05-03T00:00:00.000Z", dateUpdated: "2025-02-28T19:57:01.224Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-30052
Vulnerability from cvelistv5
Published
2024-06-11 17:00
Modified
2024-12-31 19:38
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30052 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.63 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-30052", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T18:40:08.702742Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-11T18:40:17.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:25:02.976Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30052", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.63", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.37", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.20", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.16", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.11", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.2", status: "affected", version: "17.10", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.63", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.37", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.20", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.16", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.11", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.2", versionStartIncluding: "17.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-06-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693: Protection Mechanism Failure", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T19:38:06.078Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30052", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-30052", datePublished: "2024-06-11T17:00:10.658Z", dateReserved: "2024-03-22T23:12:13.409Z", dateUpdated: "2024-12-31T19:38:06.078Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35272
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.66 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35272", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:38:18.225584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:38:24.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.66", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.40", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.19", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.14", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.7", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.3", status: "affected", version: "17.11", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.66", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.40", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.19", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.14", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.7", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.3", versionStartIncluding: "17.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:44.335Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35272", datePublished: "2024-07-09T17:02:44.609Z", dateReserved: "2024-05-14T20:14:47.415Z", dateUpdated: "2025-03-11T16:39:44.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28935
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28935", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-12T12:55:55.302963Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:37.151Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.452Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:06.415Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28935", datePublished: "2024-04-09T17:01:15.096Z", dateReserved: "2024-03-13T01:26:53.036Z", dateUpdated: "2025-01-23T01:12:06.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36794
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.57 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36794", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T15:55:22.038287Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-14T15:55:32.545Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.543Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2016 (Server Core installation)", "Windows Server 2016", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for x64-based Systems", "Windows 10 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:32.641Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36794", datePublished: "2023-09-12T16:58:39.719Z", dateReserved: "2023-06-27T15:11:59.873Z", dateUpdated: "2025-01-01T02:04:32.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28933
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.35 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28933", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T15:37:19.711302Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:12.885Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:05.350Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28933", datePublished: "2024-04-09T17:01:13.955Z", dateReserved: "2024-03-13T01:26:53.034Z", dateUpdated: "2025-01-23T01:12:05.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23267
Vulnerability from cvelistv5
Published
2022-05-10 20:33
Modified
2025-01-02 18:57
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET Core 3.1 |
Version: 3.1 < 3.1.25 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.350Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267", }, { name: "FEDORA-2022-d69fee9f38", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", }, { name: "FEDORA-2022-9a1d5ea33c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", }, { name: "FEDORA-2022-256d559f0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.25", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.17", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.21", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2019 for Mac version 8.10", vendor: "Microsoft", versions: [ { lessThan: "8.10.24", status: "affected", version: "8.1.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.14", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.10", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.5", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { lessThan: "17.1.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.11", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.4", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2022 for Mac version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.3", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.25", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "5.0.17", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.21", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:macos:*:*", versionEndExcluding: "8.10.24", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.14", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.10", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.5", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.1.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.11", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.4", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.3", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:57:48.914Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267", }, ], title: ".NET and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-23267", datePublished: "2022-05-10T20:33:32", dateReserved: "2022-01-15T00:00:00", dateUpdated: "2025-01-02T18:57:48.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24767
Vulnerability from cvelistv5
Published
2022-04-12 17:51
Modified
2024-10-01 14:53
Severity ?
EPSS score ?
Summary
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: unspecified |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-24767", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-31T15:23:28.548160Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427 Uncontrolled Search Path Element", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T14:53:40.641Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-15T19:58:54", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24767", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2022 version 17.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2022 version 17.0", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24767", datePublished: "2022-04-12T17:51:04", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-10-01T14:53:40.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36793
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.57 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36793", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T15:20:19.558478Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:25:44.719Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2016", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.03", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows Server 2019", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 22H2 for ARM64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.03", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:33.186Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36793", datePublished: "2023-09-12T16:58:40.256Z", dateReserved: "2023-06-27T15:11:59.872Z", dateUpdated: "2025-01-01T02:04:33.186Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36796
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Version: 17.6.0 < 17.6.9 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T18:14:53.378773Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:25:47.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.624Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.7.6", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40707.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27559.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.03", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2016", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for x64-based Systems", "Windows 10 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.7.6", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40707.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27559.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.03", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:32.188Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36796", datePublished: "2023-09-12T16:58:39.186Z", dateReserved: "2023-06-27T15:11:59.873Z", dateUpdated: "2025-01-01T02:04:32.188Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36759
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.19 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.19", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.11", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.7.4", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.7", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.19", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.11", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.7.4", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.7", versionStartIncluding: "17.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:21.736Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36759", datePublished: "2023-09-12T16:58:29.748Z", dateReserved: "2023-06-27T15:11:59.867Z", dateUpdated: "2025-01-01T02:04:21.736Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32028
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-01-01 01:43
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Version: 19.0.0 < 19.3.0001.0 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:44.971Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", }, ], title: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32028", datePublished: "2023-06-16T00:44:30.155Z", dateReserved: "2023-05-01T15:34:52.132Z", dateUpdated: "2025-01-01T01:43:44.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28931
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28931", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T00:11:41.299849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:59.642Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:22.456Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28931", datePublished: "2024-04-09T17:00:27.649Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:22.456Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28930
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28930", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T15:43:31.008624Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:35:37.350Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.397Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:04.726Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28930", datePublished: "2024-04-09T17:01:13.416Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:12:04.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26434
Vulnerability from cvelistv5
Published
2021-09-15 11:23
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1077/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.39 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.193Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.39", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "16.4.26", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.19", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.11", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.3", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], datePublic: "2021-09-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:37:25.359Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26434", datePublished: "2021-09-15T11:23:00", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-08-03T20:26:25.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43877
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Version: 16.0.0 < 16.7.23 cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.23", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.15", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.8", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.3", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.22", status: "affected", version: "3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.13", status: "affected", version: "5.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.101", status: "affected", version: "6.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { lessThan: "17.1.4", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:33.540Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877", }, ], title: "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-43877", datePublished: "2021-12-15T14:15:31", dateReserved: "2021-11-16T00:00:00", dateUpdated: "2024-08-04T04:10:17.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43590
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Visual C++ Redistributable Installer |
Version: 10.0.0 < 14.40.33816 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43590", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:34:14.182011Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:34:32.825Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Visual C++ Redistributable Installer", vendor: "Microsoft", versions: [ { lessThan: "14.40.33816", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.67", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.41", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.20", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.15", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.8", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.5", status: "affected", version: "17.11", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_c_plus_plus_redistributable_installer:*:*:*:*:*:*:*:*", versionEndExcluding: "14.40.33816", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.67", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.41", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.20", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.15", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.8", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.5", versionStartIncluding: "17.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:59.023Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590", }, ], title: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43590", datePublished: "2024-10-08T17:36:14.169Z", dateReserved: "2024-08-14T01:08:33.548Z", dateUpdated: "2025-01-29T23:50:59.023Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41089
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-01-02 21:36
Severity ?
EPSS score ?
Summary
.NET Framework Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.11 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.218Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.11", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.22", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.17", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.3", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.12", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.32", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.1", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.9", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.3", vendor: "Microsoft", versions: [ { lessThan: "7.3.2", status: "affected", version: "7.3.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows 8.1 for 32-bit systems", "Windows Server 2016", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2012", "Windows Server 2016 (Server Core installation)", "Windows 7 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows 7 for 32-bit Systems Service Pack 1", "Windows Server 2012 R2 (Server Core installation)", "Windows RT 8.1", "Windows 10 Version 1607 for 32-bit Systems", "Windows 8.1 for x64-based systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "04590.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 21H1 for ARM64-based Systems", "Windows 10 Version 21H1 for x64-based Systems", "Windows 10 Version 21H1 for 32-bit Systems", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "04590.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows Server 2019", "Windows 10 Version 1809 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "04010.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H1 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H1 for 32-bit Systems", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 21H1 for x64-based Systems", "Windows 10 Version 20H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "09115.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "30729.8953", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "30729.8953", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows 8.1 for x64-based systems", "Windows 8.1 for 32-bit systems", "Windows Server 2012 R2", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "30729.8953", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows 7 for 32-bit Systems Service Pack 1", "Windows 7 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "30729.8953", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows 7 for 32-bit Systems Service Pack 1", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", "Windows 8.1 for 32-bit systems", "Windows 7 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows RT 8.1", "Windows 8.1 for x64-based systems", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "04010.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "04010.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for x64-based Systems", "Windows 10 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6/4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19624", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.11", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.22", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.17", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.3", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.12", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.32", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.1", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.9", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", versionEndExcluding: "7.3.2", versionStartIncluding: "7.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "04590.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "04590.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "04010.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "09115.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "30729.8953", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "30729.8953", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "30729.8953", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "30729.8953", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "04010.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "04010.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.19624", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-12-13T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Framework Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:36:52.938Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET Framework Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089", }, ], title: ".NET Framework Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41089", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:36:52.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-25003
Vulnerability from cvelistv5
Published
2025-03-11 16:59
Modified
2025-03-23 16:12
Severity ?
EPSS score ?
Summary
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.45 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-25003", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:22.045596Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:32:42.857Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.45", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.19", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.12", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.13", vendor: "Microsoft", versions: [ { lessThan: "17.13.3", status: "affected", version: "17.10", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.45", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.19", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.12", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.13.3", versionStartIncluding: "17.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427: Uncontrolled Search Path Element", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-23T16:12:12.069Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-25003", datePublished: "2025-03-11T16:59:04.914Z", dateReserved: "2025-01-30T15:14:20.994Z", dateUpdated: "2025-03-23T16:12:12.069Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35826
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.069Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T19:26:13.774576Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T19:26:26.305Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:56.811Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35826", datePublished: "2022-08-09T20:12:36", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:56.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32026
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32026", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:57.572834Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:48.193Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:43.432Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32026", datePublished: "2023-06-16T00:44:29.037Z", dateReserved: "2023-05-01T15:34:52.131Z", dateUpdated: "2025-02-28T21:08:48.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28938
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28938", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T17:30:59.430193Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:20.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.355Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:07.412Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28938", datePublished: "2024-04-09T17:01:16.170Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:12:07.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28936
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T19:04:55.282290Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:40.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:23.421Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28936", datePublished: "2024-04-09T17:00:28.756Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:11:23.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32027
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32027", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:54.895772Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:42.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:43.911Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32027", datePublished: "2023-06-16T00:44:29.549Z", dateReserved: "2023-05-01T15:34:52.132Z", dateUpdated: "2025-02-28T21:08:42.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42319
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.41 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.41", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.21", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.13", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.6", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:45.942Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42319", datePublished: "2021-11-10T00:47:41", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35777
Vulnerability from cvelistv5
Published
2022-08-09 19:59
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:21.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:57.963Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35777", datePublished: "2022-08-09T19:59:23", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:57.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21815
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.52 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-21815", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T16:14:09.107938Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-14T16:14:19.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:51:51.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:03.370Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21815", datePublished: "2023-02-14T20:09:31.025Z", dateReserved: "2022-12-16T22:13:41.244Z", dateUpdated: "2025-01-01T00:41:03.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24512
Vulnerability from cvelistv5
Published
2022-03-09 17:08
Modified
2025-01-02 18:35
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Version: 16.0.0 < 16.7.26 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:56.019Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.26", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.18", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.11", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.15", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.3", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.23", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.2", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.9", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.1", vendor: "Microsoft", versions: [ { lessThan: "7.1.6", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.7.26", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.18", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.11", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "5.0.15", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.3", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.23", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.2", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.9", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", versionEndExcluding: "7.1.6", versionStartIncluding: "7.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-03-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:35:12.932Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512", }, ], title: ".NET and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24512", datePublished: "2022-03-09T17:08:15", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T18:35:12.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29060
Vulnerability from cvelistv5
Published
2024-06-11 16:59
Modified
2024-12-31 19:37
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Version: 17.10 < 17.10.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29060", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T18:59:22.420493Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-11T18:59:37.398Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.658Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.2", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.63", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.37", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.20", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.16", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.11", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.2", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.63", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.37", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.20", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.16", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.11", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-06-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T19:37:44.081Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29060", datePublished: "2024-06-11T16:59:48.371Z", dateReserved: "2024-03-14T23:05:27.954Z", dateUpdated: "2024-12-31T19:37:44.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28299
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:05
Severity ?
EPSS score ?
Summary
Visual Studio Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.54 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:23.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.54", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.15", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.26", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.21", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.7", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.5", vendor: "Microsoft", versions: [ { lessThan: "17.5.4", status: "affected", version: "17.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.54", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.26", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:05:20.556Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299", }, ], title: "Visual Studio Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28299", datePublished: "2023-04-11T19:13:59.381Z", dateReserved: "2023-03-13T22:23:36.189Z", dateUpdated: "2025-01-23T01:05:20.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34716
Vulnerability from cvelistv5
Published
2022-08-09 19:55
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
.NET Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:15:16.112Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.8", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.28", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.12", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.6", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.8", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.28", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.6", versionStartIncluding: "7.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:26.518Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716", }, ], title: ".NET Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-34716", datePublished: "2022-08-09T19:55:43", dateReserved: "2022-06-27T00:00:00", dateUpdated: "2025-01-02T19:34:26.518Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41032
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-02-28 20:53
Severity ?
EPSS score ?
Summary
NuGet Client Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.10 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:47.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032", }, { name: "FEDORA-2022-f9ca76e479", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/", }, { name: "FEDORA-2022-7f5f9ede26", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/", }, { name: "FEDORA-2022-2c37647a9c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41032", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:59.400514Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:53:42.375Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.10", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.30", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.9", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.20", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.26", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.15", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.3", vendor: "Microsoft", versions: [ { lessThan: "17.3.6", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2022 for Mac version 17.3", vendor: "Microsoft", versions: [ { lessThan: "17.3.7", status: "affected", version: "17.3", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.10", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.30", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.9", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.20", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.26", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.15", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.3.6", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*", versionEndExcluding: "17.3.7", versionStartIncluding: "17.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "NuGet Client Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:14.366Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "NuGet Client Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032", }, ], title: "NuGet Client Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41032", datePublished: "2022-10-11T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-02-28T20:53:42.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32025
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32025", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:00.289520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:54.117Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:42.899Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32025", datePublished: "2023-06-16T00:44:28.480Z", dateReserved: "2023-05-01T15:34:52.131Z", dateUpdated: "2025-02-28T21:08:54.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24897
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.55 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-24897", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T19:43:18.398305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T19:43:32.943Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.55", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.16", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.27", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.22", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.8", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.7", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.18", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.3", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows Server 2019", "Windows 10 Version 1809 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.4644.0", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2012", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.4644.0", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.4050.0", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2016", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.5989", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04043.0", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.9166.0", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04043.0", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19983", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.55", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.16", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.27", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.22", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.8", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.7", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.18", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.3", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.4644.0", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.4644.0", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.4050.0", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.5989", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04043.0", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.9166.0", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04043.0", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.19983", versionStartIncluding: "4.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:32.304Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897", }, ], title: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-24897", datePublished: "2023-06-14T14:52:10.089Z", dateReserved: "2023-01-31T20:32:35.472Z", dateUpdated: "2025-01-01T01:43:32.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35827
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35827", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T19:23:43.503677Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T19:25:36.725Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:57.317Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35827", datePublished: "2022-08-09T20:12:50", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:57.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24464
Vulnerability from cvelistv5
Published
2022-03-09 17:07
Modified
2025-01-02 18:35
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.3 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.3", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.15", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.23", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.26", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.18", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.11", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.3", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "5.0.15", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.23", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.7.26", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.18", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.11", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.7", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-03-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:35:20.325Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464", }, ], title: ".NET and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24464", datePublished: "2022-03-09T17:07:46", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T18:35:20.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28262
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:05
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.15 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:30:24.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28262", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-07T15:40:10.106998Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-07T15:40:19.632Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.15", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.26", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.21", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.7", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.5", vendor: "Microsoft", versions: [ { lessThan: "17.5.4", status: "affected", version: "17.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.26", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:05:18.042Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28262", datePublished: "2023-04-11T19:13:57.191Z", dateReserved: "2023-03-13T22:18:32.393Z", dateUpdated: "2025-01-23T01:05:18.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28296
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:05
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.54 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:24.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.54", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.15", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.26", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.21", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.7", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.5", vendor: "Microsoft", versions: [ { lessThan: "17.5.4", status: "affected", version: "17.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.54", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.26", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:05:20.136Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28296", datePublished: "2023-04-11T19:13:58.852Z", dateReserved: "2023-03-13T22:23:36.188Z", dateUpdated: "2025-01-23T01:05:20.136Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21176
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-02-21 20:28
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.69 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21176", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:34.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.69", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.43", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.22", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.17", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.10", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.24252.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 8.0", vendor: "Microsoft", versions: [ { lessThan: "8.0.12", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 9.0", vendor: "Microsoft", versions: [ { lessThan: "9.0.1", status: "affected", version: "9.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows 11 Version 24H2 for ARM64-based Systems", "Windows 11 Version 24H2 for x64-based Systems", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows 11 Version 23H2 for x64-based Systems", "Windows Server 2022, 23H2 Edition (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.1.09294.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04775.01", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04775.01", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04126.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.7699", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04126.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04126.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 4.6/4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20890", status: "affected", version: "10.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.69", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.43", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.24252.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "8.0.12", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "9.0.1", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.1.09294.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04775.01", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04775.01", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04126.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.7699", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04126.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04126.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20890", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-126", description: "CWE-126: Buffer Over-read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-21T20:28:06.914Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176", }, ], title: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21176", datePublished: "2025-01-14T18:04:00.852Z", dateReserved: "2024-12-05T21:43:30.761Z", dateUpdated: "2025-02-21T20:28:06.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0057
Vulnerability from cvelistv5
Published
2024-01-09 17:56
Modified
2024-12-31 18:39
Severity ?
EPSS score ?
Summary
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET 8.0 |
Version: 1.0.0 < 8.0.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:41:15.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240208-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET 8.0", vendor: "Microsoft", versions: [ { lessThan: "8.0.1", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.15", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.26", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.34", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "NuGet 5.11.0", vendor: "Microsoft", versions: [ { lessThan: "5.11.6.0", status: "affected", version: "5.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "NuGet 17.4.0", vendor: "Microsoft", versions: [ { lessThan: "17.4.3.0", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "NUGET 17.6.0", vendor: "Microsoft", versions: [ { lessThan: "17.6.2.0", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "NuGet 17.8.0", vendor: "Microsoft", versions: [ { lessThan: "17.8.1.0", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.18", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.3", vendor: "Microsoft", versions: [ { lessThan: "7.3.11", status: "affected", version: "7.3.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.4", vendor: "Microsoft", versions: [ { lessThan: "7.4.2", status: "affected", version: "7.4.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04690.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04690.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2016", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04081.03", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04081.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows 11 Version 23H2 for x64-based Systems", "Windows Server 2022, 23H2 Edition (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09214.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.50727.8976", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.50727.8976", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "8.0.1", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.15", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.26", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.34", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*", versionEndExcluding: "5.11.6.0", versionStartIncluding: "5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.3.0", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.2.0", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.1.0", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.18", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", versionEndExcluding: "7.3.11", versionStartIncluding: "7.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", versionEndExcluding: "7.4.2", versionStartIncluding: "7.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04690.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04690.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04081.03", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04081.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09214.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.50727.8976", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.50727.8976", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-01-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T18:39:37.846Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057", }, ], title: "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-0057", datePublished: "2024-01-09T17:56:59.552Z", dateReserved: "2023-11-22T17:43:37.319Z", dateUpdated: "2024-12-31T18:39:37.846Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33139
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
EPSS score ?
Summary
Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.55 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33139", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-02T16:39:22.157046Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-02T16:39:30.480Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.55", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.16", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.27", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.22", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.8", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40702.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27554.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.3", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.55", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.16", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.27", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.22", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.8", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40702.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27554.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.3", versionStartIncluding: "17.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:39.771Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139", }, ], title: "Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33139", datePublished: "2023-06-13T23:25:55.404Z", dateReserved: "2023-05-17T21:16:44.896Z", dateUpdated: "2025-01-01T01:43:39.771Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29349
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Version: 18.0.0 < 18.6.0006.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:45.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29349", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:52.256646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:36.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:44.451Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], title: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-29349", datePublished: "2023-06-16T00:44:38.243Z", dateReserved: "2023-04-04T22:34:18.382Z", dateUpdated: "2025-02-28T21:08:36.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20656
Vulnerability from cvelistv5
Published
2024-01-09 17:57
Modified
2024-12-31 18:39
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.59 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20656", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-30T18:27:10.585358Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T20:58:39.220Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:59:42.344Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.59", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27560.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.59", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27560.00", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-01-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T18:39:40.313Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-20656", datePublished: "2024-01-09T17:57:01.850Z", dateReserved: "2023-11-28T22:58:12.114Z", dateUpdated: "2024-12-31T18:39:40.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28929
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28929", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T16:11:54.498743Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T20:29:04.530Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:21.949Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28929", datePublished: "2024-04-09T17:00:27.042Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:21.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43603
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2025-01-29 23:51
Severity ?
EPSS score ?
Summary
Visual Studio Collector Service Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.11 |
Version: 17.11 < 17.11.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43603", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:35:39.922024Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T19:27:12.025Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.5", status: "affected", version: "17.11", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.67", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.41", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.20", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.15", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.8", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27561.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.5", versionStartIncluding: "17.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.67", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.41", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.20", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.15", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.8", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27561.00", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Collector Service Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:51:01.997Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Collector Service Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603", }, ], title: "Visual Studio Collector Service Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43603", datePublished: "2024-10-08T17:36:17.098Z", dateReserved: "2024-08-14T01:08:33.551Z", dateUpdated: "2025-01-29T23:51:01.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21566
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.13 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-21566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T20:49:49.481846Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T20:49:58.715Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73: External Control of File Name or Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:49.244Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21566", datePublished: "2023-02-14T20:09:08.856Z", dateReserved: "2022-12-01T14:00:11.204Z", dateUpdated: "2025-01-01T00:40:49.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28263
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:05
Severity ?
EPSS score ?
Summary
Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.15 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-28263", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-12T15:43:42.993245Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T15:43:49.201Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T12:30:24.687Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.15", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.26", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.21", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.7", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.5", vendor: "Microsoft", versions: [ { lessThan: "17.5.4", status: "affected", version: "17.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.26", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-170", description: "CWE-170: Improper Null Termination", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:05:18.837Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263", }, ], title: "Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28263", datePublished: "2023-04-11T19:13:57.714Z", dateReserved: "2023-03-13T22:18:32.393Z", dateUpdated: "2025-01-23T01:05:18.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29117
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", }, { name: "FEDORA-2022-d69fee9f38", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", }, { name: "FEDORA-2022-9a1d5ea33c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", }, { name: "FEDORA-2022-256d559f0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.5", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.25", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.17", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.10", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.21", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { lessThan: "17.1.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.14", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.5", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.25", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "5.0.17", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.10", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.21", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.1.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.14", versionStartIncluding: "16.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:09.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117", }, ], title: ".NET and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29117", datePublished: "2022-05-10T20:34:23", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T18:58:09.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28932
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28932", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T18:08:26.723573Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T18:08:37.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:22.905Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28932", datePublished: "2024-04-09T17:00:28.215Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:22.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21808
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-02-28 21:13
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.24 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21808", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:13.694036Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:13:45.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.3", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.14", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.10", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2022", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows Server 2022 (Server Core installation)", "Windows Server 2019", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "10.0.04614.06", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.04038.03", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04614.08", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04614.05", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "10.0.09139.02", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04038.06", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19747", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.3", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.14", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.10", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.04614.06", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.04038.03", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04614.08", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04614.05", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.09139.02", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04038.06", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.19747", versionStartIncluding: "4.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:01.018Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808", }, ], title: ".NET and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21808", datePublished: "2023-02-14T20:09:27.030Z", dateReserved: "2022-12-16T22:13:41.241Z", dateUpdated: "2025-02-28T21:13:45.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38013
Vulnerability from cvelistv5
Published
2022-09-13 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Visual Studio 2022 for Mac version 17.3 |
Version: 17.3 < 17.3.5 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.606Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013", }, { name: "FEDORA-2022-980d492c98", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/", }, { name: "FEDORA-2022-847c67b3cd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/", }, { name: "FEDORA-2022-d80b1d2827", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/", }, { name: "FEDORA-2022-34a610d9bf", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/", }, { name: "FEDORA-2022-13046bb867", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Visual Studio 2022 for Mac version 17.3", vendor: "Microsoft", versions: [ { lessThan: "17.3.5", status: "affected", version: "17.3", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.3", vendor: "Microsoft", versions: [ { lessThan: "17.3.4", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.29", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.9", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.19", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.25", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.14", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.8", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*", versionEndExcluding: "17.3.5", versionStartIncluding: "17.3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.3.4", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.29", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.9", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.19", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.25", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.14", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.8", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET Core and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:17.149Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET Core and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013", }, ], title: ".NET Core and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38013", datePublished: "2022-09-13T00:00:00", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:17.149Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35825
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35825", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T19:55:18.625937Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T19:55:28.427Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:56.178Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35825", datePublished: "2022-08-09T20:12:22", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:56.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29356
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:45.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29356", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:02.994154Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:01.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:42.064Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-29356", datePublished: "2023-06-16T00:44:27.384Z", dateReserved: "2023-04-04T22:34:18.384Z", dateUpdated: "2025-02-28T21:09:01.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21206
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Visual Studio Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.70 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21206", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T19:17:19.452159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T19:30:49.108Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.70", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.44", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.18", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.11", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.5", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.70", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.44", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.18", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.11", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.5", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Installer Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427: Uncontrolled Search Path Element", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:07.678Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Installer Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206", }, ], title: "Visual Studio Installer Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21206", datePublished: "2025-02-11T17:58:07.750Z", dateReserved: "2024-12-05T21:43:30.768Z", dateUpdated: "2025-03-12T01:42:07.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23381
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.24 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-23381", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T17:49:25.568186Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T17:49:29.460Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.951Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:21.901Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-23381", datePublished: "2023-02-14T20:09:59.470Z", dateReserved: "2023-01-11T22:08:03.134Z", dateUpdated: "2025-01-01T00:41:21.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28934
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*", ], defaultStatus: "unknown", product: "odbc_driver_for_sql_server", vendor: "microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sql_server", vendor: "microsoft", versions: [ { status: "affected", version: "15.0.2000.5", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-28934", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T15:04:37.242018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:16.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:05.878Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28934", datePublished: "2024-04-09T17:01:14.516Z", dateReserved: "2024-03-13T01:26:53.036Z", dateUpdated: "2025-01-23T01:12:05.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36897
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-01-01 01:59
Severity ?
EPSS score ?
Summary
Visual Studio Tools for Office Runtime Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36897", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T18:55:48.486878Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T18:58:02.478Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.56", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.18", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.29", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.10", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.6", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2010 Tools for Office Runtime", vendor: "Microsoft", versions: [ { lessThan: "10.0.60910", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.56", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.18", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.29", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.10", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.6", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.60910", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:12.128Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897", }, ], title: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36897", datePublished: "2023-08-08T17:08:53.174Z", dateReserved: "2023-06-27T20:28:49.988Z", dateUpdated: "2025-01-01T01:59:12.128Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21178
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-02-21 20:29
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.69 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21178", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:33.238Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.69", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.43", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.22", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.17", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.10", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.24252.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.69", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.43", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.24252.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.4", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-21T20:29:12.507Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21178", datePublished: "2025-01-14T18:04:01.376Z", dateReserved: "2024-12-05T21:43:30.761Z", dateUpdated: "2025-02-21T20:29:12.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41355
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | PowerShell 7.1 |
Version: 7.1.0 < 7.1.5 cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell 7.1", vendor: "Microsoft", versions: [ { lessThan: "7.1.5", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.12", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.5", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.11", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Core and Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:18.055Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], title: ".NET Core and Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-41355", datePublished: "2021-10-13T00:28:19", dateReserved: "2021-09-17T00:00:00", dateUpdated: "2024-08-04T03:08:32.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28937
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28937", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T20:00:06.674591Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:48.747Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:06.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28937", datePublished: "2024-04-09T17:01:15.620Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:12:06.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24998
Vulnerability from cvelistv5
Published
2025-03-11 16:59
Modified
2025-03-23 16:12
Severity ?
EPSS score ?
Summary
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.13 |
Version: 17.10 < 17.13.3 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24998", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:24.652569Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:32:51.256Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.13", vendor: "Microsoft", versions: [ { lessThan: "17.13.3", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.71", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.45", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.19", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.12", status: "affected", version: "17.10", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.13.3", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.71", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.45", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.19", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.12", versionStartIncluding: "17.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427: Uncontrolled Search Path Element", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-23T16:12:11.466Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24998", datePublished: "2025-03-11T16:59:04.304Z", dateReserved: "2025-01-30T15:14:20.993Z", dateUpdated: "2025-03-23T16:12:11.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21567
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.13 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-21567", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T15:38:10.306172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:19:47.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:49.777Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567", }, ], title: "Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21567", datePublished: "2023-02-14T20:09:09.644Z", dateReserved: "2022-12-01T14:00:11.204Z", dateUpdated: "2025-01-01T00:40:49.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29145
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.448Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145", }, { name: "FEDORA-2022-d69fee9f38", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", }, { name: "FEDORA-2022-9a1d5ea33c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", }, { name: "FEDORA-2022-256d559f0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.5", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.25", status: "affected", version: "3.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.17", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { lessThan: "17.1.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.21", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.10", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.14", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.5", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "3.1.25", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "5.0.17", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.1.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.21", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.10", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.14", versionStartIncluding: "16.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:19.924Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145", }, ], title: ".NET and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29145", datePublished: "2022-05-10T20:34:56", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T18:58:19.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }