All the vulnerabilites related to Microsoft - Microsoft Visual Studio 2022 version 17.2
cve-2023-32026
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:54.201Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32026",
"datePublished": "2023-06-16T00:44:29.037Z",
"dateReserved": "2023-05-01T15:34:52.131Z",
"dateUpdated": "2024-08-02T15:03:28.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29331
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2016",
"Windows Server 2012 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:59.804Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
}
],
"title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29331",
"datePublished": "2023-06-14T14:52:19.830Z",
"dateReserved": "2023-04-04T22:34:18.378Z",
"dateUpdated": "2024-08-02T14:07:45.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32028
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OLE DB Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19.3.0001.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.6.0006.0",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:55.906Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OLE DB Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
}
],
"title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32028",
"datePublished": "2023-06-16T00:44:30.155Z",
"dateReserved": "2023-05-01T15:34:52.132Z",
"dateUpdated": "2024-08-02T15:03:28.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32032
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32032",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T20:01:37.888322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:01:48.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:22:21.416Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
}
],
"title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32032",
"datePublished": "2023-06-13T23:26:21.832Z",
"dateReserved": "2023-05-01T15:34:52.133Z",
"dateUpdated": "2024-08-02T15:03:28.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28260
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
.NET DLL Hijacking Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET DLL Hijacking Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.16",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.5.4",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.7",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.15",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.21",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET DLL Hijacking Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:56:35.458Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET DLL Hijacking Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260"
}
],
"title": ".NET DLL Hijacking Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-28260",
"datePublished": "2023-04-11T19:13:56.662Z",
"dateReserved": "2023-03-13T22:18:32.391Z",
"dateUpdated": "2024-08-02T12:30:24.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0056
Vulnerability from cvelistv5
Published
2024-01-09 17:56
Modified
2024-10-08 15:39
Severity ?
EPSS score ?
Summary
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1110.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.26",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:data_sql_client:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:data_sql_client:3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:data_sql_client:4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:data_sql_client:5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft.Data.SqlClient",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.1.7",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThan": "3.1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThan": "4.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThan": "5.1.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:System.Data.SqlClient:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "System.Data.SqlClient",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (CU 10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4100.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2016",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04690.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04690.01",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04690.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04081.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "10.0.14393.6614",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04081.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04081.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "3.0.50727.8976",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 23H2 for ARM64-based Systems",
"Windows Server 2022, 23H2 Edition (Server Core installation)",
"Windows 11 Version 23H2 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09214.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8976",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-01-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:39:51.662Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
}
],
"title": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-0056",
"datePublished": "2024-01-09T17:56:58.972Z",
"dateReserved": "2023-11-22T17:43:06.743Z",
"dateUpdated": "2024-10-08T15:39:51.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33126
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:17:17.554630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T14:17:47.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:22:21.995Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33126",
"datePublished": "2023-06-13T23:26:22.404Z",
"dateReserved": "2023-05-17T21:16:44.895Z",
"dateUpdated": "2024-08-02T15:39:35.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-21319
Vulnerability from cvelistv5
Published
2024-01-09 18:59
Modified
2024-10-08 15:40
Severity ?
EPSS score ?
Summary
Microsoft Identity Denial of service vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:39.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Identity Denial of service vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.26",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Identity Model v6.0.0 forNuget",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.34.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Identity Model v7.0.0 for Nuget",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Identity Model v6.0.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.34.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Identity Model v5.0.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Identity Model v7.0.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Identity Model v5.0.0 for Nuget",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-01-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Identity Denial of service vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:40:06.745Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Identity Denial of service vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
}
],
"title": "Microsoft Identity Denial of service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21319",
"datePublished": "2024-01-09T18:59:01.270Z",
"dateReserved": "2023-12-08T22:45:19.367Z",
"dateUpdated": "2024-10-08T15:40:06.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30184
Vulnerability from cvelistv5
Published
2022-06-15 21:52
Modified
2024-09-10 15:57
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:40:47.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184"
},
{
"name": "FEDORA-2022-cd37732349",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/"
},
{
"name": "FEDORA-2022-5508547b1e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.26",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.22",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio 2019 for Mac version 8.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.16",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.11",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.4",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "NuGet.exe",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.0",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio 2022 for Mac version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.2",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:57:25.636Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184"
},
{
"name": "FEDORA-2022-cd37732349",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/"
},
{
"name": "FEDORA-2022-5508547b1e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/"
}
],
"title": ".NET and Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-30184",
"datePublished": "2022-06-15T21:52:20",
"dateReserved": "2022-05-03T00:00:00",
"dateUpdated": "2024-09-10T15:57:25.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35390
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2024-08-02 16:23
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T01:21:48.088404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:41.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.18",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.10",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.6",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.21",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:33:04.938Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-35390",
"datePublished": "2023-08-08T17:08:54.243Z",
"dateReserved": "2023-06-14T23:09:47.639Z",
"dateUpdated": "2024-08-02T16:23:59.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32025
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:53.646Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32025",
"datePublished": "2023-06-16T00:44:28.480Z",
"dateReserved": "2023-05-01T15:34:52.131Z",
"dateUpdated": "2024-08-02T15:03:28.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36796
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:14:53.378773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:47.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.6",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.57",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.21",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.30",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.13",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40707.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27559.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2016",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.05",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6252",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04063.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09186.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
},
{
"lessThan": "4.8.09186.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for x64-based Systems",
"Windows 10 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20162",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-09-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:41:11.166Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36796",
"datePublished": "2023-09-12T16:58:39.186Z",
"dateReserved": "2023-06-27T15:11:59.873Z",
"dateUpdated": "2024-08-02T17:01:09.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36799
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:23:47.132893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:46.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET Core and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.21",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.13",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.14",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.14",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-09-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:41:10.655Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Core and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
}
],
"title": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36799",
"datePublished": "2023-09-12T16:58:38.681Z",
"dateReserved": "2023-06-27T15:11:59.874Z",
"dateUpdated": "2024-08-02T17:01:09.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35826
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2024-10-21 19:26
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:26:13.774576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:26:26.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.50",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.24",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.18",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.13",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2012 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.61252.0",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40699.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27552.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.7",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T21:28:24.007Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-35826",
"datePublished": "2022-08-09T20:12:36",
"dateReserved": "2022-07-13T00:00:00",
"dateUpdated": "2024-10-21T19:26:26.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29349
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.6.0006.0",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19.3.0001.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:55.324Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
}
],
"title": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29349",
"datePublished": "2023-06-16T00:44:38.243Z",
"dateReserved": "2023-04-04T22:34:18.382Z",
"dateUpdated": "2024-08-02T14:07:45.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21566
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T20:49:49.481846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T20:49:58.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.13",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.52",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.5",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.19",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.24",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:05:07.136Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21566",
"datePublished": "2023-02-14T20:09:08.856Z",
"dateReserved": "2022-12-01T14:00:11.204Z",
"dateUpdated": "2024-08-02T09:44:01.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36049
Vulnerability from cvelistv5
Published
2023-11-14 20:18
Modified
2024-08-02 16:37
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.22",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.14",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.10",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.25",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 11 Version 23H2 for x64-based Systems",
"Windows Server 2022, 23H2 Edition (Server Core installation)",
"Windows 11 Version 23H2 for ARM64-based Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9206.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4682.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.9206.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4682.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4076.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6452",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4076.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4076.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20308",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8975",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8975",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8975",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8975",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:21:21.585Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049"
}
],
"title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36049",
"datePublished": "2023-11-14T20:18:04.925Z",
"dateReserved": "2023-06-20T20:44:39.829Z",
"dateUpdated": "2024-08-02T16:37:41.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33139
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2024-10-02 16:39
Severity ?
EPSS score ?
Summary
Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T16:39:22.157046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:39:30.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.55",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.27",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40702.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27554.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:51.371Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
}
],
"title": "Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33139",
"datePublished": "2023-06-13T23:25:55.404Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2024-10-02T16:39:30.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24895
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2024-08-02 11:11
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:58:02.929435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:58:08.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:42.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2016",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2022",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:46.335Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
}
],
"title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24895",
"datePublished": "2023-06-14T14:52:18.749Z",
"dateReserved": "2023-01-31T20:32:35.471Z",
"dateUpdated": "2024-08-02T11:11:42.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28296
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.54",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.15",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.26",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.21",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.7",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.5.4",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:56:37.551Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-28296",
"datePublished": "2023-04-11T19:13:58.852Z",
"dateReserved": "2023-03-13T22:23:36.188Z",
"dateUpdated": "2024-08-02T12:38:24.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36759
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.19",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.30",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.11",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.4",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.7",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-09-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:41:02.027Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36759",
"datePublished": "2023-09-12T16:58:29.748Z",
"dateReserved": "2023-06-27T15:11:59.867Z",
"dateUpdated": "2024-08-02T17:01:09.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33128
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:18:33.333686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T14:18:51.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:22:22.547Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33128",
"datePublished": "2023-06-13T23:26:22.949Z",
"dateReserved": "2023-05-17T21:16:44.895Z",
"dateUpdated": "2024-08-02T15:39:35.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41119
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:17:21.236549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:30.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.10",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.51",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.21",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.3.7",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.16",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:02:06.120Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41119",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2024-08-07T13:57:30.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24897
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2024-09-27 19:43
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:43:18.398305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:43:32.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.55",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.27",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40700.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27555.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows Server 2019",
"Windows 10 Version 1809 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2012",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2016",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:45.757Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
}
],
"title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24897",
"datePublished": "2023-06-14T14:52:10.089Z",
"dateReserved": "2023-01-31T20:32:35.472Z",
"dateUpdated": "2024-09-27T19:43:32.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21567
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T15:38:10.306172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:47.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.13",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.19",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.24",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.52",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.5",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:05:07.715Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567"
}
],
"title": "Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21567",
"datePublished": "2023-02-14T20:09:09.644Z",
"dateReserved": "2022-12-01T14:00:11.204Z",
"dateUpdated": "2024-08-02T09:44:01.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29356
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:53.074Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29356",
"datePublished": "2023-06-16T00:44:27.384Z",
"dateReserved": "2023-04-04T22:34:18.384Z",
"dateUpdated": "2024-08-02T14:07:45.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33135
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:58:48.967130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:59:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:22:26.071Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
}
],
"title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33135",
"datePublished": "2023-06-13T23:26:26.390Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2024-08-02T15:39:35.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21815
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:51
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T16:14:09.107938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:14:19.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:51.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.52",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.13",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.24",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.19",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40700.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27555.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.5",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:05:20.733Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21815",
"datePublished": "2023-02-14T20:09:31.025Z",
"dateReserved": "2022-12-16T22:13:41.244Z",
"dateUpdated": "2024-08-02T09:51:51.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38180
Vulnerability from cvelistv5
Published
2023-08-08 18:52
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38180",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T20:42:20.831219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-08-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38180"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T20:42:51.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "ASP.NET Core 2.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.1.40",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.21",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.18",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.10",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.6",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:33:06.993Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/"
}
],
"title": ".NET and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38180",
"datePublished": "2023-08-08T18:52:31.790Z",
"dateReserved": "2023-07-12T23:41:45.867Z",
"dateUpdated": "2024-08-02T17:30:14.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35827
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2024-10-21 19:25
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:23:43.503677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:25:36.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.7",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.13",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.50",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27552.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.18",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.24",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40699.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2012 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.61252.0",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T21:28:24.514Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-35827",
"datePublished": "2022-08-09T20:12:50",
"dateReserved": "2022-07-13T00:00:00",
"dateUpdated": "2024-10-21T19:25:36.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36558
Vulnerability from cvelistv5
Published
2023-11-14 21:35
Modified
2024-08-02 16:52
Severity ?
EPSS score ?
Summary
ASP.NET Core - Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T14:17:29.323763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T14:17:40.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASP.NET Core - Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.25",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "ASP.NET Core 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.25",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.22",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.14",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.10",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:7.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "ASP.NET Core 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "ASP.NET Core 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "ASP.NET Core - Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:21:10.813Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET Core - Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558"
}
],
"title": "ASP.NET Core - Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36558",
"datePublished": "2023-11-14T21:35:31.499Z",
"dateReserved": "2023-06-23T20:11:38.789Z",
"dateUpdated": "2024-08-02T16:52:52.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33170
Vulnerability from cvelistv5
Published
2023-07-11 17:03
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.17",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.23",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.9",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.5",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:59:18.447Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/"
}
],
"title": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33170",
"datePublished": "2023-07-11T17:03:13.113Z",
"dateReserved": "2023-05-17T21:16:44.903Z",
"dateUpdated": "2024-08-02T15:39:35.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36794
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T15:55:22.038287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T15:55:32.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.57",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.21",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.30",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.13",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2016 (Server Core installation)",
"Windows Server 2016",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04667.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.05",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6252",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04063.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09186.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
},
{
"lessThan": "4.8.09186.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for x64-based Systems",
"Windows 10 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20162",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-09-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:41:11.685Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36794",
"datePublished": "2023-09-12T16:58:39.719Z",
"dateReserved": "2023-06-27T15:11:59.873Z",
"dateUpdated": "2024-08-02T17:01:09.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35777
Vulnerability from cvelistv5
Published
2022-08-09 19:59
Modified
2024-08-03 09:44
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:21.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.50",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.24",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.18",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.13",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2012 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.61252.0",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40699.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27552.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.7",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T21:28:07.977Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-35777",
"datePublished": "2022-08-09T19:59:23",
"dateReserved": "2022-07-13T00:00:00",
"dateUpdated": "2024-08-03T09:44:21.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38178
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:24:24.810142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:14.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET Core and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.21",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.18",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.10",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:33:07.502Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Core and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178"
}
],
"title": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38178",
"datePublished": "2023-08-08T17:08:57.014Z",
"dateReserved": "2023-07-12T23:41:45.865Z",
"dateUpdated": "2024-08-02T17:30:14.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28263
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T15:43:42.993245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:43:49.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.15",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.26",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.21",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.7",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.5.4",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:56:36.505Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
}
],
"title": "Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-28263",
"datePublished": "2023-04-11T19:13:57.714Z",
"dateReserved": "2023-03-13T22:18:32.393Z",
"dateUpdated": "2024-08-02T12:30:24.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36793
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T15:20:19.558478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:44.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.57",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.21",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.30",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.13",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2016",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 R2",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6252",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2019"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.05",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09186.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
},
{
"lessThan": "4.8.09186.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20162",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-09-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:41:12.204Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36793",
"datePublished": "2023-09-12T16:58:40.256Z",
"dateReserved": "2023-06-27T15:11:59.872Z",
"dateUpdated": "2024-08-02T17:01:09.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35391
Vulnerability from cvelistv5
Published
2023-08-08 18:52
Modified
2024-09-11 18:57
Severity ?
EPSS score ?
Summary
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:55:14.681715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:57:48.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.18",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.10",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.6",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "ASP.NET Core 2.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.1.40",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.21",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:33:05.429Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391"
}
],
"title": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-35391",
"datePublished": "2023-08-08T18:52:30.105Z",
"dateReserved": "2023-06-14T23:09:47.640Z",
"dateUpdated": "2024-09-11T18:57:48.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38013
Vulnerability from cvelistv5
Published
2022-09-13 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013"
},
{
"name": "FEDORA-2022-980d492c98",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/"
},
{
"name": "FEDORA-2022-847c67b3cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/"
},
{
"name": "FEDORA-2022-d80b1d2827",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/"
},
{
"name": "FEDORA-2022-34a610d9bf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/"
},
{
"name": "FEDORA-2022-13046bb867",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio 2022 for Mac version 17.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.3.5",
"status": "affected",
"version": "17.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.3.4",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.29",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.19",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.25",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.14",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.8",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:11:38.022Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013"
},
{
"name": "FEDORA-2022-980d492c98",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/"
},
{
"name": "FEDORA-2022-847c67b3cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/"
},
{
"name": "FEDORA-2022-d80b1d2827",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/"
},
{
"name": "FEDORA-2022-34a610d9bf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/"
},
{
"name": "FEDORA-2022-13046bb867",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/"
}
],
"title": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-38013",
"datePublished": "2022-09-13T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38171
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
Microsoft QUIC Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft QUIC Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.20",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.12",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.8",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.5",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.2031",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2538:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2538:*:*:*:*:*:arm64:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2538",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.2428:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.2428:*:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.2428",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.9",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-10-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft QUIC Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:41:09.939Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft QUIC Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
],
"title": "Microsoft QUIC Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38171",
"datePublished": "2023-10-10T17:07:23.843Z",
"dateReserved": "2023-07-12T23:41:45.863Z",
"dateUpdated": "2024-08-02T17:30:14.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28299
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
Visual Studio Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:23.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.54",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.15",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.26",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.21",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.7",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.5.4",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:56:38.064Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
}
],
"title": "Visual Studio Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-28299",
"datePublished": "2023-04-11T19:13:59.381Z",
"dateReserved": "2023-03-13T22:23:36.189Z",
"dateUpdated": "2024-08-02T12:38:23.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0057
Vulnerability from cvelistv5
Published
2024-01-09 17:56
Modified
2024-10-08 15:39
Severity ?
EPSS score ?
Summary
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.26",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.34",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:nuget:5.11.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "NuGet 5.11.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.11.6.0",
"status": "affected",
"version": "5.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:nuget:17.4.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "NuGet 17.4.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.3.0",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:nuget:17.6.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "NUGET 17.6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.2.0",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:nuget:17.8.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "NuGet 17.8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.1.0",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.18",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.11",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04690.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04690.01",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04690.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2016"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04081.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "10.0.14393.6614",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04081.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04081.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "3.0.50727.8976",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 23H2 for ARM64-based Systems",
"Windows 11 Version 23H2 for x64-based Systems",
"Windows Server 2022, 23H2 Edition (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09214.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8976",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.50727.8976",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-01-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:39:52.262Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
}
],
"title": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-0057",
"datePublished": "2024-01-09T17:56:59.552Z",
"dateReserved": "2023-11-22T17:43:37.319Z",
"dateUpdated": "2024-10-08T15:39:52.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28262
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-10-07 15:40
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:40:10.106998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:40:19.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.15",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.26",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.21",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.7",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.5.4",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:56:35.985Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-28262",
"datePublished": "2023-04-11T19:13:57.191Z",
"dateReserved": "2023-03-13T22:18:32.393Z",
"dateUpdated": "2024-10-07T15:40:19.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20656
Vulnerability from cvelistv5
Published
2024-01-09 17:57
Modified
2024-10-08 15:39
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-30T18:27:10.585358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T20:58:39.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.59",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27560.00",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-01-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:39:54.529Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-20656",
"datePublished": "2024-01-09T17:57:01.850Z",
"dateReserved": "2023-11-28T22:58:12.114Z",
"dateUpdated": "2024-10-08T15:39:54.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21808
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:51
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.24",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.19",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.52",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.5",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.13",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27555.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40700.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.14",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2022",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2019",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.04614.06",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "10.0.4614.06",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "10.0.04614.05",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.04038.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "10.0.14393.5717",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04614.08",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04038.05",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04038.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04038.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04614.05",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04614.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.4614.08",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.4614.07",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.09139.02",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04038.06",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4038.05",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19747",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:05:18.735Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21808",
"datePublished": "2023-02-14T20:09:27.030Z",
"dateReserved": "2022-12-16T22:13:41.241Z",
"dateUpdated": "2024-08-02T09:51:50.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41032
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 12:35
Severity ?
EPSS score ?
Summary
NuGet Client Elevation of Privilege Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:47.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032"
},
{
"name": "FEDORA-2022-f9ca76e479",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/"
},
{
"name": "FEDORA-2022-7f5f9ede26",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/"
},
{
"name": "FEDORA-2022-2c37647a9c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.30",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.9",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.20",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.26",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.15",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.3.6",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio 2022 for Mac version 17.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.3.7",
"status": "affected",
"version": "17.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "NuGet Client Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T17:23:42.524Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032"
},
{
"name": "FEDORA-2022-f9ca76e479",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/"
},
{
"name": "FEDORA-2022-7f5f9ede26",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/"
},
{
"name": "FEDORA-2022-2c37647a9c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/"
}
],
"title": "NuGet Client Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41032",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2024-08-03T12:35:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36897
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2024-09-11 18:58
Severity ?
EPSS score ?
Summary
Visual Studio Tools for Office Runtime Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:55:48.486878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:58:02.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.56",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.18",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.29",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.10",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.6",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio 2010 Tools for Office Runtime",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.60910",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:33:03.908Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
}
],
"title": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36897",
"datePublished": "2023-08-08T17:08:53.174Z",
"dateReserved": "2023-06-27T20:28:49.988Z",
"dateUpdated": "2024-09-11T18:58:02.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32027
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:54.773Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32027",
"datePublished": "2023-06-16T00:44:29.549Z",
"dateReserved": "2023-05-01T15:34:52.132Z",
"dateUpdated": "2024-08-02T15:03:28.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36038
Vulnerability from cvelistv5
Published
2023-11-14 21:35
Modified
2024-08-02 16:37
Severity ?
EPSS score ?
Summary
ASP.NET Core Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-03T02:09:07.366234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T21:00:12.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASP.NET Core Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "ASP.NET Core 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.22",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.14",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.10",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "ASP.NET Core Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T01:21:25.150Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET Core Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038"
}
],
"title": "ASP.NET Core Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36038",
"datePublished": "2023-11-14T21:35:48.071Z",
"dateReserved": "2023-06-20T20:44:39.827Z",
"dateUpdated": "2024-08-02T16:37:41.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24936
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2024-08-02 11:11
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:48:19.526051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:22.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2",
"Windows Server 2016"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2019",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:21:46.957Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
}
],
"title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24936",
"datePublished": "2023-06-14T14:52:19.301Z",
"dateReserved": "2023-01-31T20:37:47.257Z",
"dateUpdated": "2024-08-02T11:11:43.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36792
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T14:00:38.974579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T14:00:45.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.57",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.21",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.30",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.13",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2016",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2012"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows Server 2022",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04667.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.8.04667.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2019"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.05",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2016",
"Windows 10 Version 1607 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6252",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.7.04063.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09186.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
},
{
"lessThan": "4.8.09186.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04063.01",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20162",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.30729.8957",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-09-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:41:12.722Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36792",
"datePublished": "2023-09-12T16:58:40.779Z",
"dateReserved": "2023-06-27T15:11:59.871Z",
"dateUpdated": "2024-08-02T17:01:09.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34716
Vulnerability from cvelistv5
Published
2022-08-09 19:55
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
.NET Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:16.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.50",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.7",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.24",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.18",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.13",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.28",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T21:27:59.001Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716"
}
],
"title": ".NET Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-34716",
"datePublished": "2022-08-09T19:55:43",
"dateReserved": "2022-06-27T00:00:00",
"dateUpdated": "2024-08-03T09:15:16.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41089
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:35
Severity ?
EPSS score ?
Summary
.NET Framework Remote Code Execution Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.11",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.22",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.17",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.3",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.32",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2012 R2",
"Windows Server 2012 (Server Core installation)",
"Windows 8.1 for 32-bit systems",
"Windows Server 2016",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012",
"Windows Server 2016 (Server Core installation)",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows Server 2012 R2 (Server Core installation)",
"Windows RT 8.1",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 8.1 for x64-based systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04590.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4590.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "04590.03",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "04590.04",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 21H1 for ARM64-based Systems",
"Windows 10 Version 21H1 for x64-based Systems",
"Windows 10 Version 21H1 for 32-bit Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04590.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "04590.04",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4590.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2019",
"Windows 10 Version 1809 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04010.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "04590.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H1 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H1 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H1 for x64-based Systems",
"Windows 10 Version 20H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "09115.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
},
{
"lessThan": "9115.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
},
{
"lessThan": "04590.04",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 8.1 for x64-based systems",
"Windows 8.1 for 32-bit systems",
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 8.1 for 32-bit systems",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows RT 8.1",
"Windows 8.1 for x64-based systems"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04010.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4010.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "04590.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "04010.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "30729.8953",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
],
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04010.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "04010.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 for x64-based Systems",
"Windows 10 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19624",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Framework Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T13:57:58.533Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
}
],
"title": ".NET Framework Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41089",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2024-08-03T12:35:49.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35825
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2024-10-21 19:55
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35825",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:55:18.625937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:55:28.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.50",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.24",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.18",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.13",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2012 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.61252.0",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40699.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27552.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.7",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T21:28:23.433Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-35825",
"datePublished": "2022-08-09T20:12:22",
"dateReserved": "2022-07-13T00:00:00",
"dateUpdated": "2024-10-21T19:55:28.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23381
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T17:49:25.568186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:49:29.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.24",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.19",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.13",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.52",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.5",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40700.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27555.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:05:38.184Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-23381",
"datePublished": "2023-02-14T20:09:59.470Z",
"dateReserved": "2023-01-11T22:08:03.134Z",
"dateUpdated": "2024-08-02T10:28:40.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33127
Vulnerability from cvelistv5
Published
2023-07-11 17:03
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.23",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.17",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.9",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.5",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.13",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.6",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-11T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:58:25.472Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127"
}
],
"title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33127",
"datePublished": "2023-07-11T17:03:05.826Z",
"dateReserved": "2023-05-17T21:16:44.895Z",
"dateUpdated": "2024-08-02T15:39:35.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}