Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-1446
Vulnerability from csaf_certbund
Published
2023-06-13 22:00
Modified
2023-09-25 22:00
Summary
Microsoft Developer Tools: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Microsoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausführung von Softwareanwendungen und Webdiensten ermöglicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. für die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere.
Microsoft Azure DevOps Server ist eine Plattform für kollaborative Softwareprojekte.
NuGet ist ein Programm für die Verteilung von Software.
Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung für Hochsprachen.
Visual Studio Code ist ein Quelltext-Editor von Microsoft.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Microsoft .NET Framework, Microsoft Azure DevOps Server, Microsoft NuGet, Microsoft Visual Studio und Microsoft Visual Studio Code ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Rechte zu erweitern und Daten zu manipulieren.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausf\u00fchrung von Softwareanwendungen und Webdiensten erm\u00f6glicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. f\u00fcr die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere.\r\nMicrosoft Azure DevOps Server ist eine Plattform f\u00fcr kollaborative Softwareprojekte.\r\nNuGet ist ein Programm f\u00fcr die Verteilung von Software.\r\nMicrosoft Visual Studio ist eine integrierte Entwicklungsumgebung f\u00fcr Hochsprachen.\r\nVisual Studio Code ist ein Quelltext-Editor von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Microsoft .NET Framework, Microsoft Azure DevOps Server, Microsoft NuGet, Microsoft Visual Studio und Microsoft Visual Studio Code ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1446 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1446.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1446 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1446"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-306 vom 2023-09-26",
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2023/06.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4449 vom 2023-08-03",
"url": "https://access.redhat.com/errata/RHSA-2023:4449"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4448 vom 2023-08-03",
"url": "https://access.redhat.com/errata/RHSA-2023:4448"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6161-2 vom 2023-06-23",
"url": "https://ubuntu.com/security/notices/USN-6161-2"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-3592 vom 2023-06-17",
"url": "https://linux.oracle.com/errata/ELSA-2023-3592.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-3593 vom 2023-06-17",
"url": "https://linux.oracle.com/errata/ELSA-2023-3593.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-3582 vom 2023-06-16",
"url": "https://linux.oracle.com/errata/ELSA-2023-3582.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-3581 vom 2023-06-15",
"url": "http://linux.oracle.com/errata/ELSA-2023-3581.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3593 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3593"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3581 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3581"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3580 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3580"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3582 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3582"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3592 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3592"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6161-1 vom 2023-06-13",
"url": "https://ubuntu.com/security/notices/USN-6161-1"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-06-13",
"url": "https://msrc.microsoft.com/update-guide"
}
],
"source_lang": "en-US",
"title": "Microsoft Developer Tools: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-09-25T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:52:25.204+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1446",
"initial_release_date": "2023-06-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-06-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-06-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-06-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-08-02T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-25T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Storage Virtual Storage Platform",
"product": {
"name": "Hitachi Storage Virtual Storage Platform",
"product_id": "T020487",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:storage:virtual_storage_platform"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1",
"product": {
"name": "Microsoft .NET Framework 4.8.1",
"product_id": "1273212",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.8.1"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "Microsoft .NET Framework 3.5.1",
"product_id": "130815",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:3.5.1"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "Microsoft .NET Framework 4.6.2",
"product_id": "336763",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.6.2"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 4.7",
"product": {
"name": "Microsoft .NET Framework 4.7",
"product_id": "432554",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.7"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.1",
"product": {
"name": "Microsoft .NET Framework 4.7.1",
"product_id": "432555",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.7.1"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "Microsoft .NET Framework 4.7.2",
"product_id": "432556",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.7.2"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 4.8",
"product": {
"name": "Microsoft .NET Framework 4.8",
"product_id": "432557",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.8"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 3.5",
"product": {
"name": "Microsoft .NET Framework 3.5",
"product_id": "834793",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:3.5:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 2.0 SP2",
"product": {
"name": "Microsoft .NET Framework 2.0 SP2",
"product_id": "T021515",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:2.0_sp2"
}
}
},
{
"category": "product_name",
"name": "Microsoft .NET Framework 3.0 SP2",
"product": {
"name": "Microsoft .NET Framework 3.0 SP2",
"product_id": "T024564",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:3.0_sp2"
}
}
}
],
"category": "product_name",
"name": ".NET Framework"
},
{
"category": "product_name",
"name": "Microsoft Azure DevOps Server 2020.1.2",
"product": {
"name": "Microsoft Azure DevOps Server 2020.1.2",
"product_id": "1342801",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_devops_server:2020.1.2:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Microsoft NuGet 6.0.4",
"product": {
"name": "Microsoft NuGet 6.0.4",
"product_id": "T028096",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:nuget:6.0.4"
}
}
},
{
"category": "product_name",
"name": "Microsoft NuGet 6.2.3",
"product": {
"name": "Microsoft NuGet 6.2.3",
"product_id": "T028097",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:nuget:6.2.3"
}
}
},
{
"category": "product_name",
"name": "Microsoft NuGet 6.3.2",
"product": {
"name": "Microsoft NuGet 6.3.2",
"product_id": "T028098",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:nuget:6.3.2"
}
}
},
{
"category": "product_name",
"name": "Microsoft NuGet 6.4.1",
"product": {
"name": "Microsoft NuGet 6.4.1",
"product_id": "T028099",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:nuget:6.4.1"
}
}
},
{
"category": "product_name",
"name": "Microsoft NuGet 6.5.0",
"product": {
"name": "Microsoft NuGet 6.5.0",
"product_id": "T028100",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:nuget:6.5.0"
}
}
},
{
"category": "product_name",
"name": "Microsoft NuGet 6.6.0",
"product": {
"name": "Microsoft NuGet 6.6.0",
"product_id": "T028101",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:nuget:6.6.0"
}
}
}
],
"category": "product_name",
"name": "NuGet"
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2013 Update 5",
"product": {
"name": "Microsoft Visual Studio 2013 Update 5",
"product_id": "T014512",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2013:update_5"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2015 Update 3",
"product": {
"name": "Microsoft Visual Studio 2015 Update 3",
"product_id": "T014511",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2015:update_3"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "Microsoft Visual Studio 2017 version 15.9",
"product_id": "T015502",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2017:version_15.9"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2019 version 16.11",
"product": {
"name": "Microsoft Visual Studio 2019 version 16.11",
"product_id": "T024563",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2019:version_16.11"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.0",
"product_id": "T026754",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2022:version_17.0"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.2",
"product_id": "T028102",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2022:version_17.2"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.4",
"product_id": "T028103",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2022:version_17.4"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.5",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.5",
"product_id": "T028104",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2022:version_17.5"
}
}
},
{
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.6",
"product_id": "T028105",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_2022:version_17.6"
}
}
}
],
"category": "product_name",
"name": "Visual Studio 2022"
},
{
"category": "product_name",
"name": "Microsoft Visual Studio Code",
"product": {
"name": "Microsoft Visual Studio Code",
"product_id": "699261",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_code:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-33144",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-33144"
},
{
"cve": "CVE-2023-33141",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-33141"
},
{
"cve": "CVE-2023-33139",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-33139"
},
{
"cve": "CVE-2023-33135",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-33135"
},
{
"cve": "CVE-2023-33128",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-33128"
},
{
"cve": "CVE-2023-33126",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-33126"
},
{
"cve": "CVE-2023-32032",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-32032"
},
{
"cve": "CVE-2023-32030",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-32030"
},
{
"cve": "CVE-2023-29353",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29353"
},
{
"cve": "CVE-2023-29337",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29337"
},
{
"cve": "CVE-2023-29331",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29331"
},
{
"cve": "CVE-2023-29326",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29326"
},
{
"cve": "CVE-2023-29012",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29012"
},
{
"cve": "CVE-2023-29011",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29011"
},
{
"cve": "CVE-2023-29007",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-29007"
},
{
"cve": "CVE-2023-27911",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-27911"
},
{
"cve": "CVE-2023-27910",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-27910"
},
{
"cve": "CVE-2023-27909",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-27909"
},
{
"cve": "CVE-2023-25815",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-25815"
},
{
"cve": "CVE-2023-25652",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-25652"
},
{
"cve": "CVE-2023-24936",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-24936"
},
{
"cve": "CVE-2023-24897",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-24897"
},
{
"cve": "CVE-2023-24895",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-24895"
},
{
"cve": "CVE-2023-21569",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-21569"
},
{
"cve": "CVE-2023-21565",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Microsoft Developer Tools. Die Fehler bestehen u.a. durch mehrere Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Eingabe\u00fcberpr\u00fcfungen und unzureichende \u00dcberpr\u00fcfungen. Die meisten der Schwachstellen sind noch nicht im Detail beschrieben. Zu den betroffenen Komponenten geh\u00f6ren unter anderem AutoDesk und GitHub f\u00fcr Microsoft Visual Studio. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Rechte zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"432555",
"432556",
"T028100",
"432554",
"67646",
"432557",
"T014511",
"T015502",
"T014512",
"130815",
"T004914",
"T020487",
"T021515",
"1342801",
"T024564",
"T024563",
"T028105",
"T028103",
"T028104",
"T028101",
"T028102",
"T028099",
"T028097",
"T028098",
"T028096",
"834793",
"336763",
"699261",
"1273212",
"T000126",
"T026754"
]
},
"release_date": "2023-06-13T22:00:00.000+00:00",
"title": "CVE-2023-21565"
}
]
}
CVE-2023-24936 (GCVE-0-2023-24936)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:48:19.526051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:22.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2",
"Windows Server 2016"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2019",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.5",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4050.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9166.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19983",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:33.488Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
}
],
"title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24936",
"datePublished": "2023-06-14T14:52:19.301Z",
"dateReserved": "2023-01-31T20:37:47.257Z",
"dateUpdated": "2025-01-01T01:43:33.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33141 (GCVE-0-2023-33141)
Vulnerability from cvelistv5
Published
2023-06-23 01:25
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:31:04.509991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:08.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "YARP 1.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "YARP 2.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:yet_another_reverse_proxy:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.2",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:yet_another_reverse_proxy:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:16.872Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141"
}
],
"title": "Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33141",
"datePublished": "2023-06-23T01:25:57.903Z",
"dateReserved": "2023-05-17T21:16:44.897Z",
"dateUpdated": "2025-01-01T01:44:16.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21565 (GCVE-0-2023-21565)
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Azure DevOps Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server 2022 |
Version: 20230131.0 < 20230602.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T18:38:46.631479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T18:38:53.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230602.4",
"status": "affected",
"version": "20230131.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230602.5",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230602.4",
"versionStartIncluding": "20230131.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230602.5",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:36.030Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21565",
"datePublished": "2023-06-13T23:25:57.118Z",
"dateReserved": "2022-12-01T14:00:11.204Z",
"dateUpdated": "2025-01-01T01:43:36.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29011 (GCVE-0-2023-29011)
Vulnerability from cvelistv5
Published
2023-04-25 20:40
Modified
2025-02-03 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| git-for-windows | git |
Version: < 2.40.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T18:07:17.305893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T18:07:25.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.40.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`\u0027s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `\u003cdrive\u003e:\\etc\\connectrc` files on multi-user machines."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T20:40:30.247Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"
}
],
"source": {
"advisory": "GHSA-g4fv-xjqw-q7jm",
"discovery": "UNKNOWN"
},
"title": "Git for Windows\u0027s config file of `connect.exe` is susceptible to malicious placing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29011",
"datePublished": "2023-04-25T20:40:30.247Z",
"dateReserved": "2023-03-29T17:39:16.143Z",
"dateUpdated": "2025-02-03T18:07:25.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27911 (GCVE-0-2023-27911)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap Buffer Overflow
Summary
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX SDK |
Version: 2020 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T15:33:29.717160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T15:33:38.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk FBX SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior which may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-27911",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-07T00:00:00.000Z",
"dateUpdated": "2025-02-06T15:33:38.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29331 (GCVE-0-2023-29331)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-02-28 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.18 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:20:14.590937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:09:08.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012",
"Windows Server 2016",
"Windows Server 2012 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.5",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4050.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9166.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19983",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:49.030Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
}
],
"title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29331",
"datePublished": "2023-06-14T14:52:19.830Z",
"dateReserved": "2023-04-04T22:34:18.378Z",
"dateUpdated": "2025-02-28T21:09:08.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29007 (GCVE-0-2023-29007)
Vulnerability from cvelistv5
Published
2023-04-25 20:09
Modified
2025-02-13 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| git | git |
Version: < 2.30.9 Version: >= 2.31.0, < 2.31.8 Version: >= 2.32.0, < 2.32.7 Version: >= 2.33.0, < 2.33.8 Version: >= 2.34.0, < 2.34.8 Version: >= 2.35.0, < 2.35.8 Version: >= 2.36.0, < 2.36.6 Version: >= 2.37.0, < 2.37.7 Version: >= 2.38.0, < 2.38.5 Version: >= 2.39.0, < 2.39.3 Version: >= 2.40.0, < 2.40.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844"
},
{
"name": "https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4"
},
{
"name": "https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git",
"versions": [
{
"status": "affected",
"version": "\u003c 2.30.9"
},
{
"status": "affected",
"version": "\u003e= 2.31.0, \u003c 2.31.8"
},
{
"status": "affected",
"version": "\u003e= 2.32.0, \u003c 2.32.7"
},
{
"status": "affected",
"version": "\u003e= 2.33.0, \u003c 2.33.8"
},
{
"status": "affected",
"version": "\u003e= 2.34.0, \u003c 2.34.8"
},
{
"status": "affected",
"version": "\u003e= 2.35.0, \u003c 2.35.8"
},
{
"status": "affected",
"version": "\u003e= 2.36.0, \u003c 2.36.6"
},
{
"status": "affected",
"version": "\u003e= 2.37.0, \u003c 2.37.7"
},
{
"status": "affected",
"version": "\u003e= 2.38.0, \u003c 2.38.5"
},
{
"status": "affected",
"version": "\u003e= 2.39.0, \u003c 2.39.3"
},
{
"status": "affected",
"version": "\u003e= 2.40.0, \u003c 2.40.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0027s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T10:05:57.735Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844"
},
{
"name": "https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4"
},
{
"name": "https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"
},
{
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
}
],
"source": {
"advisory": "GHSA-v48j-4xgg-4844",
"discovery": "UNKNOWN"
},
"title": "Arbitrary configuration injection via `git submodule deinit`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29007",
"datePublished": "2023-04-25T20:09:52.182Z",
"dateReserved": "2023-03-29T17:39:16.142Z",
"dateUpdated": "2025-02-13T16:48:58.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25815 (GCVE-0-2023-25815)
Vulnerability from cvelistv5
Published
2023-04-25 19:51
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.
This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| git-for-windows | git |
Version: < 2.40.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8"
},
{
"name": "https://github.com/msys2/MINGW-packages/pull/10461",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/msys2/MINGW-packages/pull/10461"
},
{
"name": "https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"
},
{
"name": "https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/25/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.40.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function\u0027s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T10:05:59.527Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8"
},
{
"name": "https://github.com/msys2/MINGW-packages/pull/10461",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/msys2/MINGW-packages/pull/10461"
},
{
"name": "https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack",
"tags": [
"x_refsource_MISC"
],
"url": "https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"
},
{
"name": "https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/25/2"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"
},
{
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
}
],
"source": {
"advisory": "GHSA-9w66-8mq8-5vm8",
"discovery": "UNKNOWN"
},
"title": "Git looks for localized messages in the wrong place"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25815",
"datePublished": "2023-04-25T19:51:38.433Z",
"dateReserved": "2023-02-15T16:34:48.773Z",
"dateUpdated": "2025-02-13T16:44:39.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21569 (GCVE-0-2023-21569)
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Azure DevOps Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server 2020.1.2 |
Version: 2020.1.0 < 20230601.3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T14:04:10.459586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:50:05.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230602.4",
"status": "affected",
"version": "20230131.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230602.5",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230602.4",
"versionStartIncluding": "20230131.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230602.5",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:35.391Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21569",
"datePublished": "2023-06-13T23:25:57.688Z",
"dateReserved": "2022-12-01T14:00:11.204Z",
"dateUpdated": "2025-01-01T01:43:35.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24897 (GCVE-0-2023-24897)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.55 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:43:18.398305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:43:32.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.55",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.27",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40700.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27555.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows Server 2019",
"Windows 10 Version 1809 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2012",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2016",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows 10 Version 1607 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.55",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.27",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
"versionEndExcluding": "12.0.40700.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
"versionEndExcluding": "14.0.27555.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4050.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9166.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19983",
"versionStartIncluding": "4.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:32.304Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
}
],
"title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24897",
"datePublished": "2023-06-14T14:52:10.089Z",
"dateReserved": "2023-01-31T20:32:35.472Z",
"dateUpdated": "2025-01-01T01:43:32.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33139 (GCVE-0-2023-33139)
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
Visual Studio Information Disclosure Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.55 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T16:39:22.157046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:39:30.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.55",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.27",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.40702.0",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27554.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.55",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.27",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
"versionEndExcluding": "12.0.40702.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
"versionEndExcluding": "14.0.27554.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:39.771Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
}
],
"title": "Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33139",
"datePublished": "2023-06-13T23:25:55.404Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-01-01T01:43:39.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27909 (GCVE-0-2023-27909)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bound Write
Summary
An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX SDK |
Version: 2020 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:29.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:12:42.672922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:13:15.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk FBX SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-Of-Bounds Write Vulnerability in Autodesk\u00ae FBX\u00ae SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-27909",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-07T00:00:00.000Z",
"dateUpdated": "2025-02-06T16:13:15.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29012 (GCVE-0-2023-29012)
Vulnerability from cvelistv5
Published
2023-04-25 20:44
Modified
2025-02-03 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| git-for-windows | git |
Version: < 2.40.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T18:06:28.093151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T18:06:37.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.40.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T20:44:05.329Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"
}
],
"source": {
"advisory": "GHSA-gq5x-v87v-8f7g",
"discovery": "UNKNOWN"
},
"title": "Git CMD erroneously executes `doskey.exe` in the current directory, if it exists"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29012",
"datePublished": "2023-04-25T20:44:05.329Z",
"dateReserved": "2023-03-29T17:39:16.143Z",
"dateUpdated": "2025-02-03T18:06:37.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29326 (GCVE-0-2023-29326)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
.NET Framework Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft .NET Framework 3.5 AND 4.8 |
Version: 4.8.0 < 4.8.4644.0 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET Framework Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:44:57.546610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:45:17.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4050.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9166.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19983",
"versionStartIncluding": "4.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Framework Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:34.168Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Framework Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326"
}
],
"title": ".NET Framework Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29326",
"datePublished": "2023-06-14T14:52:11.778Z",
"dateReserved": "2023-04-04T22:34:18.378Z",
"dateUpdated": "2025-01-01T01:43:34.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33144 (GCVE-0-2023-33144)
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
Visual Studio Code Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Visual Studio Code |
Version: 1.0.0 < 1.79 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T01:26:45.516822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:05.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Visual Studio Code Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Visual Studio Code",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.79",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.79",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Code Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:17.843Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Code Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144"
}
],
"title": "Visual Studio Code Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33144",
"datePublished": "2023-06-13T23:26:28.666Z",
"dateReserved": "2023-05-17T21:16:44.897Z",
"dateUpdated": "2025-01-01T01:44:17.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25652 (GCVE-0-2023-25652)
Vulnerability from cvelistv5
Published
2023-04-25 19:17
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| git | git |
Version: < 2.30.9 Version: >= 2.31.0, < 2.31.8 Version: >= 2.32.0, < 2.32.7 Version: >= 2.33.0, < 2.33.8 Version: >= 2.34.0, < 2.34.8 Version: >= 2.35.0, < 2.35.8 Version: >= 2.36.0, < 2.36.6 Version: >= 2.37.0, < 2.37.7 Version: >= 2.38.0, < 2.38.5 Version: >= 2.39.0, < 2.39.3 Version: >= 2.40.0, < 2.40.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx"
},
{
"name": "https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902"
},
{
"name": "https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/25/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BSXOGVVBJLYX26IAYX6PJSYQB36BREWH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-05T19:56:20.962435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:44:34.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git",
"versions": [
{
"status": "affected",
"version": "\u003c 2.30.9"
},
{
"status": "affected",
"version": "\u003e= 2.31.0, \u003c 2.31.8"
},
{
"status": "affected",
"version": "\u003e= 2.32.0, \u003c 2.32.7"
},
{
"status": "affected",
"version": "\u003e= 2.33.0, \u003c 2.33.8"
},
{
"status": "affected",
"version": "\u003e= 2.34.0, \u003c 2.34.8"
},
{
"status": "affected",
"version": "\u003e= 2.35.0, \u003c 2.35.8"
},
{
"status": "affected",
"version": "\u003e= 2.36.0, \u003c 2.36.6"
},
{
"status": "affected",
"version": "\u003e= 2.37.0, \u003c 2.37.7"
},
{
"status": "affected",
"version": "\u003e= 2.38.0, \u003c 2.38.5"
},
{
"status": "affected",
"version": "\u003e= 2.39.0, \u003c 2.39.3"
},
{
"status": "affected",
"version": "\u003e= 2.40.0, \u003c 2.40.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T10:05:52.311Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx"
},
{
"name": "https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902"
},
{
"name": "https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/25/2"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BSXOGVVBJLYX26IAYX6PJSYQB36BREWH/"
},
{
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
}
],
"source": {
"advisory": "GHSA-2hvf-7c8p-28fx",
"discovery": "UNKNOWN"
},
"title": "\"git apply --reject\" partially-controlled arbitrary file write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25652",
"datePublished": "2023-04-25T19:17:35.315Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-13T16:44:34.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33126 (GCVE-0-2023-33126)
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.18 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:17:17.554630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T14:17:47.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:12.050Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33126",
"datePublished": "2023-06-13T23:26:22.404Z",
"dateReserved": "2023-05-17T21:16:44.895Z",
"dateUpdated": "2025-01-01T01:44:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29337 (GCVE-0-2023-29337)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
NuGet Client Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | NuGet 6.2.3 |
Version: 6.0.0 < 6.2.4 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T01:31:31.741189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:28.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NuGet Client Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "NuGet 6.2.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "NuGet 6.4.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.4.2",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "NuGet 6.5.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.5.1",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "NuGet 6.3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.3",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "NuGet 6.0.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.5",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "NuGet 6.6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.6.0",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "NuGet 5.11.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.11.5",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "NuGet Client Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:51.455Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "NuGet Client Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337"
}
],
"title": "NuGet Client Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29337",
"datePublished": "2023-06-14T14:52:20.370Z",
"dateReserved": "2023-04-04T22:34:18.380Z",
"dateUpdated": "2025-01-01T01:43:51.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29353 (GCVE-0-2023-29353)
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Windows Sysinternals Process Monitor |
Version: 1.0 < 3.94 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:30:42.981560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:26.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Sysinternals Process Monitor for Windows Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Windows Sysinternals Process Monitor",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.94",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Sysinternals Suite",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2023.6",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_sysinternals_process_monitor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.94",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_sysinternals_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.6",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Sysinternals Process Monitor for Windows Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:31.792Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Sysinternals Process Monitor for Windows Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353"
}
],
"title": "Sysinternals Process Monitor for Windows Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29353",
"datePublished": "2023-06-13T23:25:52.551Z",
"dateReserved": "2023-04-04T22:34:18.383Z",
"dateUpdated": "2025-01-01T01:43:31.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33135 (GCVE-0-2023-33135)
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
.NET and Visual Studio Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.18 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:58:48.967130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:59:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:15.801Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
}
],
"title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33135",
"datePublished": "2023-06-13T23:26:26.390Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-01-01T01:44:15.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24895 (GCVE-0-2023-24895)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | .NET 7.0 |
Version: 7.0.0 < 7.0.7 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:58:02.929435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:58:08.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:42.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows Server 2016",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2019",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2022",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.5",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4050.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9166.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19983",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:32.903Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
}
],
"title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24895",
"datePublished": "2023-06-14T14:52:18.749Z",
"dateReserved": "2023-01-31T20:32:35.471Z",
"dateUpdated": "2025-01-01T01:43:32.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27910 (GCVE-0-2023-27910)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Stack Buffer Overflow
Summary
A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX SDK |
Version: 2020 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T15:43:22.504093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T15:44:29.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk FBX SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior which may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-27910",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-07T00:00:00.000Z",
"dateUpdated": "2025-02-06T15:44:29.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32030 (GCVE-0-2023-32030)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft .NET Framework 4.8 |
Version: 4.8.0 < 4.8.4644.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32030",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T01:18:36.201919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T01:19:11.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4644.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4050.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.9166.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04043.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 and 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19983",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5989",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0.6920.8954; 2.0.50727.8970",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4644.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4050.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.9166.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04043.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19983",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5989",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:10.980Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030"
}
],
"title": ".NET and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32030",
"datePublished": "2023-06-14T14:52:41.272Z",
"dateReserved": "2023-05-01T15:34:52.133Z",
"dateUpdated": "2025-01-01T01:44:10.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33128 (GCVE-0-2023-33128)
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | .NET 6.0 |
Version: 6.0.0 < 6.0.18 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:18:33.333686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T14:18:51.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.5",
"versionStartIncluding": "7.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:12.674Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33128",
"datePublished": "2023-06-13T23:26:22.949Z",
"dateReserved": "2023-05-17T21:16:44.895Z",
"dateUpdated": "2025-01-01T01:44:12.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32032 (GCVE-0-2023-32032)
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-01-01 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
.NET and Visual Studio Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | .NET 7.0 |
Version: 7.0.0 < 7.0.7 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32032",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T20:01:37.888322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:01:48.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.16",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.22",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.8",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.16",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.22",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.8",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.5",
"versionStartIncluding": "7.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:11.443Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
}
],
"title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32032",
"datePublished": "2023-06-13T23:26:21.832Z",
"dateReserved": "2023-05-01T15:34:52.133Z",
"dateUpdated": "2025-01-01T01:44:11.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…