All the vulnerabilites related to Microsoft - Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
cve-2023-29356
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 14:07
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.2.2.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-15T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:53.074Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-29356",
    "datePublished": "2023-06-16T00:44:27.384Z",
    "dateReserved": "2023-04-04T22:34:18.384Z",
    "dateUpdated": "2024-08-02T14:07:45.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-32027
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.2.2.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-15T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:54.773Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-32027",
    "datePublished": "2023-06-16T00:44:29.549Z",
    "dateReserved": "2023-05-01T15:34:52.132Z",
    "dateUpdated": "2024-08-02T15:03:28.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28936
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T19:04:55.282290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:40.417Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:04.585Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28936",
    "datePublished": "2024-04-09T17:00:28.756Z",
    "dateReserved": "2024-03-13T01:26:53.037Z",
    "dateUpdated": "2024-10-09T01:41:04.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36793
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.30
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.13
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.24
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.12
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.7 Version: 17.7.0   < 17.6.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.04667.03
Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Version: 3.0.0.0   < 10.0.14393.6252
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.04063.05
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04063.02
Version: 4.7.0   < 4.7.04063.01
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.09186.01
Version: 4.8.1   < 4.8.09186.0
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04063.01
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.20162
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Version: 2.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Version: 3.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5.1 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T15:20:19.558478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:44.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.57",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.21",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.30",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.13",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.24",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2016",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6252",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2019"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.05",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.09186.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.09186.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20162",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:41:12.204Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36793",
    "datePublished": "2023-09-12T16:58:40.256Z",
    "dateReserved": "2023-06-27T15:11:59.872Z",
    "dateUpdated": "2024-08-02T17:01:09.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41032
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 12:35
Summary
NuGet Client Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.30
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.9
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.20
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.26
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.3 Version: 17.0.0   < 17.3.6
    cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*
Microsoft Visual Studio 2022 for Mac version 17.3 Version: 17.3   < 17.3.7
    cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:47.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032"
          },
          {
            "name": "FEDORA-2022-f9ca76e479",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/"
          },
          {
            "name": "FEDORA-2022-7f5f9ede26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/"
          },
          {
            "name": "FEDORA-2022-2c37647a9c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.30",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.9",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.20",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.26",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.15",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.3.6",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2022 for Mac version 17.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.3.7",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-10-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "NuGet Client Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T17:23:42.524Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032"
        },
        {
          "name": "FEDORA-2022-f9ca76e479",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/"
        },
        {
          "name": "FEDORA-2022-7f5f9ede26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/"
        },
        {
          "name": "FEDORA-2022-2c37647a9c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/"
        }
      ],
      "title": "NuGet Client Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-41032",
    "datePublished": "2022-10-11T00:00:00",
    "dateReserved": "2022-09-19T00:00:00",
    "dateUpdated": "2024-08-03T12:35:47.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41119
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-07 13:57
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.51
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.21
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.3 Version: 17.0.0   < 17.3.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.16
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:49.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T20:17:21.236549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:30.329Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.10",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.51",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.21",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.3.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.16",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:02:06.120Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-41119",
    "datePublished": "2022-11-09T00:00:00",
    "dateReserved": "2022-09-19T00:00:00",
    "dateUpdated": "2024-08-07T13:57:30.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28933
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 for (CU 12) Version: 16.0.0   < 16.0.4120.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T15:37:19.711302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:12.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:48.973Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28933",
    "datePublished": "2024-04-09T17:01:13.955Z",
    "dateReserved": "2024-03-13T01:26:53.034Z",
    "dateUpdated": "2024-10-09T01:41:48.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36792
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.30
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.24
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.13
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.12
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.7 Version: 17.7.0   < 17.6.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.04667.03
Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.04063.05
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Version: 3.0.0.0   < 10.0.14393.6252
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04063.01
Version: 4.7.0   < 4.7.04063.02
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.09186.01
Version: 4.8.1   < 4.8.09186.0
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04063.01
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.20162
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Version: 2.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Version: 3.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5.1 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T14:00:38.974579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T14:00:45.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.57",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.21",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.30",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.13",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.24",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2016",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2012"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows Server 2022",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2019"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.05",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2016",
            "Windows 10 Version 1607 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6252",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2012 R2",
            "Windows Server 2012",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04063.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.09186.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.09186.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20162",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          ],
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:41:12.722Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36792",
    "datePublished": "2023-09-12T16:58:40.779Z",
    "dateReserved": "2023-06-27T15:11:59.871Z",
    "dateUpdated": "2024-08-02T17:01:09.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-43590
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2024-12-10 18:46
Summary
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T18:34:14.182011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T18:34:32.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Visual C++ Redistributable Installer",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.40.33816",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.67",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.41",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.20",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.15",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.8",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.11.5",
              "status": "affected",
              "version": "17.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_c_plus_plus_redistributable_installer:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "14.40.33816",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.67",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.41",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.20",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.15",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.8",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.11.5",
                  "versionStartIncluding": "17.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T18:46:23.393Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590"
        }
      ],
      "title": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-43590",
    "datePublished": "2024-10-08T17:36:14.169Z",
    "dateReserved": "2024-08-14T01:08:33.548Z",
    "dateUpdated": "2024-12-10T18:46:23.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36794
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.30
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.12
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.24
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.13
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.7 Version: 17.7.0   < 17.6.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.04667.02
Version: 4.8.0   < 4.8.04667.03
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.04063.05
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Version: 3.0.0.0   < 10.0.14393.6252
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04063.01
Version: 4.7.0   < 4.7.04063.02
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.09186.01
Version: 4.8.1   < 4.8.09186.0
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04063.01
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.20162
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Version: 3.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Version: 2.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5.1 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T15:55:22.038287Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T15:55:32.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.57",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.21",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.30",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.13",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.24",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2016",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.04667.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.05",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6252",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04063.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.09186.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.09186.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for x64-based Systems",
            "Windows 10 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20162",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:41:11.685Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36794",
    "datePublished": "2023-09-12T16:58:39.719Z",
    "dateReserved": "2023-06-27T15:11:59.873Z",
    "dateUpdated": "2024-08-02T17:01:09.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-23381
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 10:28
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.19
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.52
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.5
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40700.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27555.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23381",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T17:49:25.568186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T17:49:29.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.24",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.19",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.13",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.52",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.5",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40700.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27555.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:05:38.184Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-23381",
    "datePublished": "2023-02-14T20:09:59.470Z",
    "dateReserved": "2023-01-11T22:08:03.134Z",
    "dateUpdated": "2024-08-02T10:28:40.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33139
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2024-10-02 16:39
Summary
Visual Studio Information Disclosure Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.16
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.27
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.22
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.8
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40702.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27554.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.3
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33139",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T16:39:22.157046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T16:39:30.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.55",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.16",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.27",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.22",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.8",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40702.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27554.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.3",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:51.371Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
        }
      ],
      "title": "Visual Studio Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33139",
    "datePublished": "2023-06-13T23:25:55.404Z",
    "dateReserved": "2023-05-17T21:16:44.896Z",
    "dateUpdated": "2024-10-02T16:39:30.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36897
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2024-09-11 18:58
Summary
Visual Studio Tools for Office Runtime Spoofing Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
Microsoft Microsoft Office LTSC 2021 Version: 16.0.1   < https://aka.ms/OfficeSecurityReleases
    cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.56
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.29
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.10
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Visual Studio 2010 Tools for Office Runtime Version: 10.0.0   < 10.0.60910
    cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:55:48.486878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:58:02.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.56",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.18",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.29",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.10",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.6",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2010 Tools for Office Runtime",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.60910",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T01:33:03.908Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
        }
      ],
      "title": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36897",
    "datePublished": "2023-08-08T17:08:53.174Z",
    "dateReserved": "2023-06-27T20:28:49.988Z",
    "dateUpdated": "2024-09-11T18:58:02.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28931
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T00:11:41.299849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:59.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:03.578Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28931",
    "datePublished": "2024-04-09T17:00:27.649Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:03.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-34716
Vulnerability from cvelistv5
Published
2022-08-09 19:55
Modified
2024-08-03 09:15
Summary
.NET Spoofing Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.8
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.28
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft PowerShell 7.0 Version: 7.0.0   < 7.0.12
    cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.6
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:15:16.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.28",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T21:27:59.001Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716"
        }
      ],
      "title": ".NET Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-34716",
    "datePublished": "2022-08-09T19:55:43",
    "dateReserved": "2022-06-27T00:00:00",
    "dateUpdated": "2024-08-03T09:15:16.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29349
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 14:07
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft OLE DB Driver 19 for SQL Server Version: 19.0.0   < 19.3.0001.0
    cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.2.2.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.6.0006.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0001.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-15T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:55.324Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
        }
      ],
      "title": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-29349",
    "datePublished": "2023-06-16T00:44:38.243Z",
    "dateReserved": "2023-04-04T22:34:18.382Z",
    "dateUpdated": "2024-08-02T14:07:45.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28937
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 for (CU 12) Version: 16.0.0   < 16.0.4120.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T20:00:06.674591Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:48.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:50.635Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28937",
    "datePublished": "2024-04-09T17:01:15.620Z",
    "dateReserved": "2024-03-13T01:26:53.037Z",
    "dateUpdated": "2024-10-09T01:41:50.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42277
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Windows Server 2019 Version: 10.0.0   < 10.0.17763.2300
    cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < 10.0.17763.2300
    cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < 10.0.18363.1916
    cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 21H1 Version: 10.0.0   < 10.0.19043.1348
    cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*
Microsoft Windows Server 2022 Version: 10.0.0   < 10.0.20348.350
    cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < 10.0.19041.1348
    cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < 10.0.19041.1348
    cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*
Microsoft Windows 10 Version 20H2 Version: 10.0.0   < 10.0.19042.1348
    cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*
Microsoft Windows Server version 20H2 Version: 10.0.0   < 10.0.19041.1348
    cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1348:*:*:*:*:*:*:*
Microsoft Windows 11 version 21H2 Version: 10.0.0   < 10.0.22000.318
    cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < 10.0.10240.19119
    cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < 10.0.14393.4770
    cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < 10.0.14393.4770
    cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
Microsoft Windows Server 2016 (Server Core installation) Version: 10.0.0   < 10.0.14393.4770
    cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.41
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < 16.7.21
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.13
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.6
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 27550.00
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:37.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2300",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2300",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2300",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.18363.1916",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 21H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19043.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.350",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1348:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.318",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19119",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4770",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4770",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4770",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.41",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.21",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.13",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.6",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "27550.00",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:47:57.294Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-42277",
    "datePublished": "2021-11-10T00:47:02",
    "dateReserved": "2021-10-12T00:00:00",
    "dateUpdated": "2024-08-04T03:30:37.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29117
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2024-08-03 06:10
Summary
.NET and Visual Studio Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.25
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.17
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.10
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.21
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.1 Version: 17.0.0   < 17.1.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.14
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:59.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117"
          },
          {
            "name": "FEDORA-2022-d69fee9f38",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"
          },
          {
            "name": "FEDORA-2022-9a1d5ea33c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"
          },
          {
            "name": "FEDORA-2022-256d559f0c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.5",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.25",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.17",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.10",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.21",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.1.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.14",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-10T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:27:38.581Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117"
        },
        {
          "name": "FEDORA-2022-d69fee9f38",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"
        },
        {
          "name": "FEDORA-2022-9a1d5ea33c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"
        },
        {
          "name": "FEDORA-2022-256d559f0c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"
        }
      ],
      "title": ".NET and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-29117",
    "datePublished": "2022-05-10T20:34:23",
    "dateReserved": "2022-04-12T00:00:00",
    "dateUpdated": "2024-08-03T06:10:59.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30184
Vulnerability from cvelistv5
Published
2022-06-15 21:52
Modified
2024-09-10 15:57
Summary
.NET and Visual Studio Information Disclosure Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.26
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.22
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Visual Studio 2019 for Mac version 8.10 Version: 8.1.0   < 17.0.2
    cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.16
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.11
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.4
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft NuGet.exe Version: 6.0.0   < 6.2.0
    cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*
Microsoft Visual Studio 2022 for Mac version 17.0 Version: 17.0.0   < 17.0.2
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:40:47.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184"
          },
          {
            "name": "FEDORA-2022-cd37732349",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/"
          },
          {
            "name": "FEDORA-2022-5508547b1e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.26",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.22",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2019 for Mac version 8.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.2",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.16",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.11",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.4",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet.exe",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.0",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2022 for Mac version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.2",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-14T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T15:57:25.636Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184"
        },
        {
          "name": "FEDORA-2022-cd37732349",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/"
        },
        {
          "name": "FEDORA-2022-5508547b1e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/"
        }
      ],
      "title": ".NET and Visual Studio Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-30184",
    "datePublished": "2022-06-15T21:52:20",
    "dateReserved": "2022-05-03T00:00:00",
    "dateUpdated": "2024-09-10T15:57:25.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-32026
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.2.2.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-15T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:54.201Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-32026",
    "datePublished": "2023-06-16T00:44:29.037Z",
    "dateReserved": "2023-05-01T15:34:52.131Z",
    "dateUpdated": "2024-08-02T15:03:28.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29145
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2024-08-03 06:10
Summary
.NET and Visual Studio Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.25
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.17
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.1 Version: 17.0.0   < 17.1.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.21
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.10
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.14
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:59.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145"
          },
          {
            "name": "FEDORA-2022-d69fee9f38",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"
          },
          {
            "name": "FEDORA-2022-9a1d5ea33c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"
          },
          {
            "name": "FEDORA-2022-256d559f0c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.5",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.25",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.17",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.1.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.21",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.10",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.14",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-10T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:27:48.275Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145"
        },
        {
          "name": "FEDORA-2022-d69fee9f38",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"
        },
        {
          "name": "FEDORA-2022-9a1d5ea33c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"
        },
        {
          "name": "FEDORA-2022-256d559f0c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"
        }
      ],
      "title": ".NET and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-29145",
    "datePublished": "2022-05-10T20:34:56",
    "dateReserved": "2022-04-12T00:00:00",
    "dateUpdated": "2024-08-03T06:10:59.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41089
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:35
Summary
.NET Framework Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.22
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.17
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.3
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.12
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.32
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.1
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.9
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft PowerShell 7.3 Version: 7.3.0   < 7.3.2
    cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 04590.02
Version: 4.8.0   < 4590.03
Version: 4.8.0   < 04590.03
Version: 4.8.0   < 04590.04
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 04590.02
Version: 4.8.0   < 04590.04
Version: 4.8.0   < 4590.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 04010.02
Version: 4.7.0   < 04590.02
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 09115.01
Version: 4.8.1   < 9115.01
Version: 4.8.1   < 04590.04
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Version: 2.0.0   < 30729.8953
    cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Version: 3.0.0   < 30729.8953
    cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 Version: 3.5.0   < 30729.8953
    cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5.1 Version: 3.5.0   < 30729.8953
    cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 04010.02
Version: 4.7.0   < 4010.03
Version: 4.7.0   < 04590.03
Version: 4.7.0   < 04010.03
Version: 4.7.0   < 30729.8953
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 04010.02
Version: 4.7.0   < 04010.03
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.6/4.6.2 Version: 10.0.0   < 10.0.10240.19624
    cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:49.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.11",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.22",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.17",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.3",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.32",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012 R2",
            "Windows Server 2012 (Server Core installation)",
            "Windows 8.1 for 32-bit systems",
            "Windows Server 2016",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2012",
            "Windows Server 2016 (Server Core installation)",
            "Windows 7 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows 7 for 32-bit Systems Service Pack 1",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows RT 8.1",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 8.1 for x64-based systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "04590.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4590.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04590.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04590.04",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 21H1 for ARM64-based Systems",
            "Windows 10 Version 21H1 for x64-based Systems",
            "Windows 10 Version 21H1 for 32-bit Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 20H2 for 32-bit Systems",
            "Windows 10 Version 20H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "04590.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04590.04",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4590.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2019",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "04010.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04590.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H1 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H1 for 32-bit Systems",
            "Windows 10 Version 20H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 21H1 for x64-based Systems",
            "Windows 10 Version 20H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "09115.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "9115.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "04590.04",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "30729.8953",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "30729.8953",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 8.1 for x64-based systems",
            "Windows 8.1 for 32-bit systems",
            "Windows Server 2012 R2",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "30729.8953",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 7 for 32-bit Systems Service Pack 1",
            "Windows 7 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "30729.8953",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 7 for 32-bit Systems Service Pack 1",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows 8.1 for 32-bit systems",
            "Windows 7 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows RT 8.1",
            "Windows 8.1 for x64-based systems"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "04010.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4010.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04590.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04010.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "30729.8953",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "04010.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "04010.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for x64-based Systems",
            "Windows 10 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19624",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-12-13T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Framework Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T13:57:58.533Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
        }
      ],
      "title": ".NET Framework Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-41089",
    "datePublished": "2022-12-13T00:00:00",
    "dateReserved": "2022-09-19T00:00:00",
    "dateUpdated": "2024-08-03T12:35:49.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0057
Vulnerability from cvelistv5
Published
2024-01-09 17:56
Modified
2024-10-08 15:39
Summary
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.15
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.26
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.34
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft NuGet 5.11.0 Version: 5.11.0   < 5.11.6.0
    cpe:2.3:a:microsoft:nuget:5.11.0:*:*:*:*:*:*:*
Microsoft NuGet 17.4.0 Version: 17.4.0   < 17.4.3.0
    cpe:2.3:a:microsoft:nuget:17.4.0:*:*:*:*:*:*:*
Microsoft NUGET 17.6.0 Version: 17.6.0   < 17.6.2.0
    cpe:2.3:a:microsoft:nuget:17.6.0:*:*:*:*:*:*:*
Microsoft NuGet 17.8.0 Version: 17.8.0   < 17.8.1.0
    cpe:2.3:a:microsoft:nuget:17.8.0:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.18
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft PowerShell 7.3 Version: 7.3.0   < 7.3.11
    cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*
Microsoft PowerShell 7.4 Version: 7.4.0   < 7.4.2
    cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.04690.02
Version: 4.8.0   < 4.8.04690.01
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.04690.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.04081.03
Version: 4.7.0   < 10.0.14393.6614
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04081.02
Version: 4.7.0   < 4.7.04081.03
Version: 4.7.0   < 3.0.50727.8976
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.09214.01
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Version: 2.0.0   < 3.0.50727.8976
    cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Version: 3.0.0   < 3.0.50727.8976
    cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240208-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.26",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.34",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:5.11.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 5.11.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.11.6.0",
              "status": "affected",
              "version": "5.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:17.4.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 17.4.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.3.0",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:17.6.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NUGET 17.6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.2.0",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:17.8.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 17.8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.1.0",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.18",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.3.11",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04690.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.04690.01",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04690.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2016"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04081.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04081.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04081.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.50727.8976",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows Server 2022, 23H2 Edition (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.09214.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.50727.8976",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.50727.8976",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T15:39:52.262Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
        }
      ],
      "title": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-0057",
    "datePublished": "2024-01-09T17:56:59.552Z",
    "dateReserved": "2023-11-22T17:43:37.319Z",
    "dateUpdated": "2024-10-08T15:39:52.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35827
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2024-10-21 19:25
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.50
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
    cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:23:43.503677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:25:36.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T21:28:24.514Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35827",
    "datePublished": "2022-08-09T20:12:50",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2024-10-21T19:25:36.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24513
Vulnerability from cvelistv5
Published
2022-04-15 19:03
Modified
2024-08-03 04:13
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < 16.7.27
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.23
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Visual Studio 2019 for Mac version 8.10 Version: 8.1.0   < 8.10.24
    cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.16
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.12
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.1 Version: 17.0.0   < 17.1.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
Microsoft Visual Studio 2022 for Mac version 17.0 Version: 17.0.0   < 17.0.3
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:56.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.49",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.27",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.23",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2019 for Mac version 8.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.10.24",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.16",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.12",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.1.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2022 for Mac version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.3",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-04-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-24T18:27:57.538Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-24513",
    "datePublished": "2022-04-15T19:03:40",
    "dateReserved": "2022-02-05T00:00:00",
    "dateUpdated": "2024-08-03T04:13:56.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21815
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:51
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.24
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.19
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40700.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27555.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.5
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T16:14:09.107938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T16:14:19.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:51.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.52",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.13",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.24",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.19",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40700.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27555.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.5",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:05:20.733Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21815",
    "datePublished": "2023-02-14T20:09:31.025Z",
    "dateReserved": "2022-12-16T22:13:41.244Z",
    "dateUpdated": "2024-08-02T09:51:51.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-32028
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft OLE DB Driver 18 for SQL Server Version: 18.0.0   < 18.6.0006.0
    cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0001.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.6.0006.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-15T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:55.906Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
        }
      ],
      "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-32028",
    "datePublished": "2023-06-16T00:44:30.155Z",
    "dateReserved": "2023-05-01T15:34:52.132Z",
    "dateUpdated": "2024-08-02T15:03:28.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36759
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.30
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.11
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.7 Version: 17.7.0   < 17.7.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.7
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.19",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.30",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.11",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.7.4",
              "status": "affected",
              "version": "17.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.7",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:41:02.027Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36759",
    "datePublished": "2023-09-12T16:58:29.748Z",
    "dateReserved": "2023-06-27T15:11:59.867Z",
    "dateUpdated": "2024-08-02T17:01:09.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36796
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2024-08-02 17:01
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.7 Version: 17.7.0   < 17.7.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.57
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.30
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40707.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27559.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.13
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.24
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.12
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.04667.03
Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.04667.02
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.04063.05
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Version: 3.0.0.0   < 10.0.14393.6252
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04063.01
Version: 4.7.0   < 4.7.04063.02
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.09186.01
Version: 4.8.1   < 4.8.09186.0
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04063.01
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.20162
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Version: 2.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Version: 3.0.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5.1 Version: 3.5.0   < 3.0.30729.8957
    cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:14:53.378773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:47.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.9",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.7.6",
              "status": "affected",
              "version": "17.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.57",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.21",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.30",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.13",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40707.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27559.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.24",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2016",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04667.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.05",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6252",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04063.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022 (Server Core installation)",
            "Windows Server 2022",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.09186.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.09186.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04063.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for x64-based Systems",
            "Windows 10 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20162",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          ],
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8957",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:41:11.166Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36796",
    "datePublished": "2023-09-12T16:58:39.186Z",
    "dateReserved": "2023-06-27T15:11:59.873Z",
    "dateUpdated": "2024-08-02T17:01:09.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35826
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2024-10-21 19:26
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
    cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:26:13.774576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:26:26.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T21:28:24.007Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35826",
    "datePublished": "2022-08-09T20:12:36",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2024-10-21T19:26:26.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-30052
Vulnerability from cvelistv5
Published
2024-06-11 17:00
Modified
2024-08-02 01:25
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.37
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.20
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.16
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.10 Version: 17.10   < 17.10.2
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T18:40:08.702742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T18:40:17.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:02.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.63",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.37",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.20",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.16",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.11",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.2",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T21:13:46.822Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30052"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-30052",
    "datePublished": "2024-06-11T17:00:10.658Z",
    "dateReserved": "2024-03-22T23:12:13.409Z",
    "dateUpdated": "2024-08-02T01:25:02.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26434
Vulnerability from cvelistv5
Published
2021-09-15 11:23
Modified
2024-08-03 20:26
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < 16.4.26
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < 16.7.19
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.11
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.3
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.193Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.39",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.4.26",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.19",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.11",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.3",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-14T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-28T19:37:25.359Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-26434",
    "datePublished": "2021-09-15T11:23:00",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-08-03T20:26:25.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-43877
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 04:10
Summary
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.15
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.8
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.3
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft ASP.NET Core 3.1 Version: 3.0   < 3.1.22
    cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
Microsoft ASP.NET Core 5.0 Version: 5.0   < 5.0.13
    cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*
Microsoft ASP.NET Core 6.0 Version: 6.0   < 6.0.101
    cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.1 Version: 17.0.0   < 17.1.4
    cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.23",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.15",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.8",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.3",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.22",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.13",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.101",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.1.4",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-12-14T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:44:33.540Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877"
        }
      ],
      "title": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-43877",
    "datePublished": "2021-12-15T14:15:31",
    "dateReserved": "2021-11-16T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28938
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28938",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T17:30:59.430193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:20.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:51.130Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28938",
    "datePublished": "2024-04-09T17:01:16.170Z",
    "dateReserved": "2024-03-13T01:26:53.037Z",
    "dateUpdated": "2024-10-09T01:41:51.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-41355
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Summary
.NET Core and Visual Studio Information Disclosure Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.12
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.5
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.11
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:32.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.1.5",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.12",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.5",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.11",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-10-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Core and Visual Studio Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:52:18.055Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "title": ".NET Core and Visual Studio Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-41355",
    "datePublished": "2021-10-13T00:28:19",
    "dateReserved": "2021-09-17T00:00:00",
    "dateUpdated": "2024-08-04T03:08:32.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21986
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2024-08-03 03:00
Summary
.NET Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.10
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.6
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Visual Studio 2019 for Mac version 8.10 Version: 8.1.0   < 8.10.18
    cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.14
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.2
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:00:54.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.17",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.10",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.6",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2019 for Mac version 8.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.10.18",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.14",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.2",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-02-08T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-21T00:41:26.052Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986"
        }
      ],
      "title": ".NET Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-21986",
    "datePublished": "2022-02-09T16:36:32",
    "dateReserved": "2021-12-16T00:00:00",
    "dateUpdated": "2024-08-03T03:00:54.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24512
Vulnerability from cvelistv5
Published
2022-03-09 17:08
Modified
2024-08-03 04:13
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.18
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.11
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.15
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.3
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.23
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.2
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft PowerShell 7.0 Version: 7.0.0   < 7.0.9
    cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*
Microsoft PowerShell 7.1 Version: 7.1.0   < 7.1.6
    cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:56.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.26",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.18",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.11",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.15",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.23",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.1.6",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-03-08T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-21T00:31:55.947Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
        }
      ],
      "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-24512",
    "datePublished": "2022-03-09T17:08:15",
    "dateReserved": "2022-02-05T00:00:00",
    "dateUpdated": "2024-08-03T04:13:56.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28299
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:38
Summary
Visual Studio Spoofing Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.26
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.5 Version: 17.5.0   < 17.5.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:23.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.54",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.15",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.26",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.21",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.7",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.5.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-04-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T01:56:38.064Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
        }
      ],
      "title": "Visual Studio Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-28299",
    "datePublished": "2023-04-11T19:13:59.381Z",
    "dateReserved": "2023-03-13T22:23:36.189Z",
    "dateUpdated": "2024-08-02T12:38:23.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28262
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-10-07 15:40
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.26
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.5 Version: 17.5.0   < 17.5.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.747Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28262",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-07T15:40:10.106998Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-07T15:40:19.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.15",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.26",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.21",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.7",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.5.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-04-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T01:56:35.985Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-28262",
    "datePublished": "2023-04-11T19:13:57.191Z",
    "dateReserved": "2023-03-13T22:18:32.393Z",
    "dateUpdated": "2024-10-07T15:40:19.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28929
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2022 for (CU 12) Version: 16.0.0   < 16.0.4120.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T16:11:54.498743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T20:29:04.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:03.086Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28929",
    "datePublished": "2024-04-09T17:00:27.042Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:03.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21566
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:44
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.52
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.5
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.19
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.24
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21566",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-03T20:49:49.481846Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T20:49:58.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:44:01.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.13",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.52",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.5",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.19",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.24",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:05:07.136Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21566",
    "datePublished": "2023-02-14T20:09:08.856Z",
    "dateReserved": "2022-12-01T14:00:11.204Z",
    "dateUpdated": "2024-08-02T09:44:01.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21808
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:51
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.19
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.52
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.5
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27555.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40700.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.3
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.14
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.10
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 10.0.04614.06
Version: 4.8.0   < 10.0.4614.06
Version: 4.8.0   < 10.0.04614.05
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 10.0.04038.03
Version: 4.7.0   < 10.0.14393.5717
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04614.08
Version: 4.7.0   < 4.7.04038.05
Version: 4.7.0   < 4.7.04038.03
Version: 4.7.0   < 4.7.04038.02
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.04614.05
Version: 4.8.0   < 4.8.04614.03
Version: 4.8.0   < 4.8.4614.08
Version: 4.8.0   < 4.8.4614.07
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 10.0.09139.02
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04038.06
Version: 4.7.0   < 4.7.4038.05
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.19747
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:50.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.24",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.19",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.52",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.5",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.13",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27555.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40700.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.14",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2022",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 20H2 for ARM64-based Systems",
            "Windows 10 Version 20H2 for 32-bit Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows Server 2022 (Server Core installation)",
            "Windows Server 2019",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.04614.06",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.4614.06",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.04614.05",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2016"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.04038.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.14393.5717",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04614.08",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04038.05",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04038.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.04038.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2012 R2",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04614.05",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.04614.03",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.4614.08",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.4614.07",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022 (Server Core installation)",
            "Windows Server 2022",
            "Windows 10 Version 20H2 for 32-bit Systems",
            "Windows 10 Version 20H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.09139.02",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04038.06",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.4038.05",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19747",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:05:18.735Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808"
        }
      ],
      "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21808",
    "datePublished": "2023-02-14T20:09:27.030Z",
    "dateReserved": "2022-12-16T22:13:41.241Z",
    "dateUpdated": "2024-08-02T09:51:50.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28930
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2022 for (CU 12) Version: 16.0.0   < 16.0.4120.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T15:43:31.008624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T15:35:37.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:48.369Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28930",
    "datePublished": "2024-04-09T17:01:13.416Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:48.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28296
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:38
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.26
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.5 Version: 17.5.0   < 17.5.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:24.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.54",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.15",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.26",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.21",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.7",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.5.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-04-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415: Double Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T01:56:37.551Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-28296",
    "datePublished": "2023-04-11T19:13:58.852Z",
    "dateReserved": "2023-03-13T22:23:36.188Z",
    "dateUpdated": "2024-08-02T12:38:24.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-43603
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2024-12-10 18:46
Summary
Visual Studio Collector Service Denial of Service Vulnerability
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T18:35:39.922024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T19:27:12.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.11.5",
              "status": "affected",
              "version": "17.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.67",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.41",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.20",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.15",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.8",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27561.00",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.11.5",
                  "versionStartIncluding": "17.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.67",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.41",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.20",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.15",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.8",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27561.00",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Collector Service Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T18:46:26.201Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Collector Service Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603"
        }
      ],
      "title": "Visual Studio Collector Service Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-43603",
    "datePublished": "2024-10-08T17:36:17.098Z",
    "dateReserved": "2024-08-14T01:08:33.551Z",
    "dateUpdated": "2024-12-10T18:46:26.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35777
Vulnerability from cvelistv5
Published
2022-08-09 19:59
Modified
2024-08-03 09:44
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
    cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:21.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T21:28:07.977Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35777",
    "datePublished": "2022-08-09T19:59:23",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2024-08-03T09:44:21.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35825
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2024-10-21 19:55
Summary
Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
    cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35825",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:55:18.625937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:55:28.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T21:28:23.433Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35825",
    "datePublished": "2022-08-09T20:12:22",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2024-10-21T19:55:28.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28935
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2022 for (CU 12) Version: 16.0.0   < 16.0.4120.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T12:55:55.302963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:37.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:50.105Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28935",
    "datePublished": "2024-04-09T17:01:15.096Z",
    "dateReserved": "2024-03-13T01:26:53.036Z",
    "dateUpdated": "2024-10-09T01:41:50.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28263
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2024-08-02 12:30
Summary
Visual Studio Information Disclosure Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.26
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.21
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.5 Version: 17.5.0   < 17.5.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T15:43:42.993245Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T15:43:49.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.15",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.26",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.21",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.7",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.5.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-04-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170: Improper Null Termination",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T01:56:36.505Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
        }
      ],
      "title": "Visual Studio Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-28263",
    "datePublished": "2023-04-11T19:13:57.714Z",
    "dateReserved": "2023-03-13T22:18:32.393Z",
    "dateUpdated": "2024-08-02T12:30:24.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29060
Vulnerability from cvelistv5
Published
2024-06-11 16:59
Modified
2024-08-02 01:03
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.63
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.37
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.20
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.16
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29060",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T18:59:22.420493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T18:59:37.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.2",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.63",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.37",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.20",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.16",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.11",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T21:13:25.945Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29060",
    "datePublished": "2024-06-11T16:59:48.371Z",
    "dateReserved": "2024-03-14T23:05:27.954Z",
    "dateUpdated": "2024-08-02T01:03:51.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28932
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T18:08:26.723573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T18:08:37.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:04.136Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28932",
    "datePublished": "2024-04-09T17:00:28.215Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:04.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28934
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2019 (CU 25) Version: 15.0.0   < 15.0.4360.2
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2019 (GDR) Version: 15.0.0   < 15.0.2110.4
    cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Microsoft SQL Server 2022 (GDR) Version: 16.0.0   < 16.0.1115.1
    cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.6.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.3.3.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.35
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.18
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.9 Version: 17.0   < 17.9.6
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.14
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.9
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "odbc_driver_for_sql_server",
            "vendor": "microsoft",
            "versions": [
              {
                "lessThan": "18.3.3.1",
                "status": "affected",
                "version": "18.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sql_server",
            "vendor": "microsoft",
            "versions": [
              {
                "status": "affected",
                "version": "15.0.2000.5"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:04:37.242018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:16.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:49.555Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28934",
    "datePublished": "2024-04-09T17:01:14.516Z",
    "dateReserved": "2024-03-13T01:26:53.036Z",
    "dateUpdated": "2024-10-09T01:41:49.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-21567
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2024-08-02 09:44
Summary
Visual Studio Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.19
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.24
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.52
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.5
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21567",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T15:38:10.306172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:19:47.290Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:44:01.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.13",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.19",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.24",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.52",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.5",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T02:05:07.715Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567"
        }
      ],
      "title": "Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21567",
    "datePublished": "2023-02-14T20:09:09.644Z",
    "dateReserved": "2022-12-01T14:00:11.204Z",
    "dateUpdated": "2024-08-02T09:44:01.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-24897
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2024-09-27 19:43
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.16
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.27
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.22
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.8
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40700.0
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27555.0
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.7
    cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.18
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.3
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.12
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.4644.0
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.4644.0
    cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.4050.0
Version: 4.7.0   < 4.8.4644.0
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Version: 3.0.0.0   < 10.0.14393.5989
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04043.0
Version: 4.7.0   < 4.7.4050.0
    cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.9166.0
    cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04043.0
Version: 4.7.0   < 4.7.4050.0
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.19983
    cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T19:43:18.398305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T19:43:32.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.55",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.16",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.27",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.22",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.8",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40700.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27555.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.3",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4644.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2012",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4644.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.4050.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.4644.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2016",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5989",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04043.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.4050.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.9166.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04043.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.4050.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19983",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:45.757Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
        }
      ],
      "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-24897",
    "datePublished": "2023-06-14T14:52:10.089Z",
    "dateReserved": "2023-01-31T20:32:35.472Z",
    "dateUpdated": "2024-09-27T19:43:32.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-35272
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2024-12-10 19:15
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35272",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T18:38:18.225584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T18:38:24.277Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:07:46.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.66",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.40",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.19",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.14",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.7",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.11.3",
              "status": "affected",
              "version": "17.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2116.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "13.0.6441.1",
              "status": "affected",
              "version": "13.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "13.0.7037.1",
              "status": "affected",
              "version": "13.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2017 (CU 31)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.3471.2",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1121.4",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft SQL Server 2019 for x64-based Systems (CU 27)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4382.1",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 13)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4131.2",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.66",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.40",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.19",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.14",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.7",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.11.3",
                  "versionStartIncluding": "17.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.2116.2",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                  "versionEndExcluding": "13.0.6441.1",
                  "versionStartIncluding": "13.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                  "versionEndExcluding": "13.0.7037.1",
                  "versionStartIncluding": "13.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                  "versionEndExcluding": "14.0.3471.2",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "16.0.1121.4",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.4382.1",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "16.0.4131.2",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-07-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T19:15:07.508Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272"
        }
      ],
      "title": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-35272",
    "datePublished": "2024-07-09T17:02:44.609Z",
    "dateReserved": "2024-05-14T20:14:47.415Z",
    "dateUpdated": "2024-12-10T19:15:07.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20656
Vulnerability from cvelistv5
Published
2024-01-09 17:57
Modified
2024-10-08 15:39
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27560.00
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20656",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-30T18:27:10.585358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T20:58:39.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.59",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27560.00",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T15:39:54.529Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20656",
    "datePublished": "2024-01-09T17:57:01.850Z",
    "dateReserved": "2023-11-28T22:58:12.114Z",
    "dateUpdated": "2024-10-08T15:39:54.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24767
Vulnerability from cvelistv5
Published
2022-04-12 17:51
Modified
2024-10-01 14:53
Summary
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-24767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-31T15:23:28.548160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T14:53:40.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u00e2\u20ac\u201c 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitHub: Git for Windows\u0027 uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-15T19:58:54",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2022 version 17.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u00e2\u20ac\u201c 16.6)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2022 version 17.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GitHub: Git for Windows\u0027 uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24767",
    "datePublished": "2022-04-12T17:51:04",
    "dateReserved": "2022-02-10T00:00:00",
    "dateUpdated": "2024-10-01T14:53:40.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-32025
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Version: 18.0.0.0   < 18.2.2.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Version: 18.0.0.0   < 18.2.1.1
    cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Version: 17.0.0.0   < 17.10.4.1
    cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
    cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.4
    cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.2.1.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.4.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-15T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:21:53.646Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-32025",
    "datePublished": "2023-06-16T00:44:28.480Z",
    "dateReserved": "2023-05-01T15:34:52.131Z",
    "dateUpdated": "2024-08-02T15:03:28.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38013
Vulnerability from cvelistv5
Published
2022-09-13 00:00
Modified
2024-08-03 10:37
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.3 Version: 17.0.0   < 17.3.4
    cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.29
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.9
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.19
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.25
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.14
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.8
    cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013"
          },
          {
            "name": "FEDORA-2022-980d492c98",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/"
          },
          {
            "name": "FEDORA-2022-847c67b3cd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/"
          },
          {
            "name": "FEDORA-2022-d80b1d2827",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/"
          },
          {
            "name": "FEDORA-2022-34a610d9bf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/"
          },
          {
            "name": "FEDORA-2022-13046bb867",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2022 for Mac version 17.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.3.5",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.3.4",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.29",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.19",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.25",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.14",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.8",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Core and Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:11:38.022Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013"
        },
        {
          "name": "FEDORA-2022-980d492c98",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/"
        },
        {
          "name": "FEDORA-2022-847c67b3cd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/"
        },
        {
          "name": "FEDORA-2022-d80b1d2827",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/"
        },
        {
          "name": "FEDORA-2022-34a610d9bf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/"
        },
        {
          "name": "FEDORA-2022-13046bb867",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/"
        }
      ],
      "title": ".NET Core and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-38013",
    "datePublished": "2022-09-13T00:00:00",
    "dateReserved": "2022-08-08T00:00:00",
    "dateUpdated": "2024-08-03T10:37:42.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24464
Vulnerability from cvelistv5
Published
2022-03-09 17:07
Modified
2024-08-03 04:13
Summary
.NET and Visual Studio Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.15
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Microsoft .NET Core 3.1 Version: 3.1   < 3.1.23
    cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < 16.7.26
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.18
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.11
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:55.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET and Visual Studio Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.15",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.23",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.26",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.18",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.11",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-03-08T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-21T00:31:56.437Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET and Visual Studio Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
        }
      ],
      "title": ".NET and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-24464",
    "datePublished": "2022-03-09T17:07:46",
    "dateReserved": "2022-02-05T00:00:00",
    "dateUpdated": "2024-08-03T04:13:55.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23267
Vulnerability from cvelistv5
Published
2022-05-10 20:33
Modified
2024-08-03 03:36
Summary
.NET and Visual Studio Denial of Service Vulnerability
Impacted products
Vendor Product Version
Microsoft .NET 5.0 Version: 5.0.0   < 5.0.17
    cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.21
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Visual Studio 2019 for Mac version 8.10 Version: 8.1.0   < 8.10.24
    cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.14
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.10
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.5
    cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2022 version 17.1 Version: 17.0.0   < 17.1.7
    cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
Microsoft PowerShell 7.0 Version: 7.0.0   < 7.0.11
    cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.4
    cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
Microsoft Visual Studio 2022 for Mac version 17.0 Version: 17.0.0   < 17.0.3
    cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:20.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267"
          },
          {
            "name": "FEDORA-2022-d69fee9f38",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"
          },
          {
            "name": "FEDORA-2022-9a1d5ea33c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"
          },
          {
            "name": "FEDORA-2022-256d559f0c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.1.25",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.0.17",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.21",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2019 for Mac version 8.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.10.24",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.14",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.10",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.5",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.1.7",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2022 for Mac version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.3",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-10T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:27:19.793Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267"
        },
        {
          "name": "FEDORA-2022-d69fee9f38",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"
        },
        {
          "name": "FEDORA-2022-9a1d5ea33c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"
        },
        {
          "name": "FEDORA-2022-256d559f0c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"
        }
      ],
      "title": ".NET and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-23267",
    "datePublished": "2022-05-10T20:33:32",
    "dateReserved": "2022-01-15T00:00:00",
    "dateUpdated": "2024-08-03T03:36:20.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42319
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Summary
Visual Studio Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < 16.7.21
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.13
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.6
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:38.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.41",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.21",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.13",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.6",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:47:45.942Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-42319",
    "datePublished": "2021-11-10T00:47:41",
    "dateReserved": "2021-10-12T00:00:00",
    "dateUpdated": "2024-08-04T03:30:38.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}