Msrc Microsoft Visual Studio 2022 Version 17.0 vulnerabilities

59 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.0.

Total CVEs: 59
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 49, MEDIUM 9

Vulnerabilities

Page 2 of 3
CVE-2023-28262 | HIGH | CVSS 7.8 | 2023-04-11
CVE-2023-28262 [HIGH] CWE-122 Visual Studio Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest
msrc
CVE-2023-28296 | HIGH | CVSS 7.8 | 2023-04-11
CVE-2023-28296 [HIGH] CWE-415 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates
msrc
CVE-2023-28263 | MEDIUM | CVSS 5.5 | 2023-04-11
CVE-2023-28263 [MEDIUM] CWE-170 Visual Studio Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability crosses the kernel security boundary and can lead to system information disclosure.
Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softw
msrc
CVE-2023-28299 | MEDIUM | CVSS 5.5 | 2023-04-11
CVE-2023-28299 [MEDIUM] Visual Studio Spoofing Vulnerability
Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes
Reference: http://aka.ms/vs/15/release/latest
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2
Reference: https://my.visualstud
msrc
CVE-2023-22490 | HIGH | CVSS 5.5 | 2023-03-14
CVE-2023-22490 [MEDIUM] GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability? This vulnerability could disclose sensitive information on the victim's file system as well as achieve data exfiltration.
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed
msrc
CVE-2023-23946 | HIGH | CVSS 6.2 | 2023-03-14
CVE-2023-23946 [MEDIUM] GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Suppor
msrc
CVE-2023-23618 | HIGH | CVSS 8.6 | 2023-03-14
CVE-2023-23618 [HIGH] GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Sec
msrc
CVE-2023-22743 | HIGH | CVSS 7.2 | 2023-03-14
CVE-2023-22743 [HIGH] GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vuln
msrc
CVE-2023-23381 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-23381 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need
msrc
CVE-2023-21566 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21566 [HIGH] CWE-73 Visual Studio Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softwar
msrc
CVE-2023-21808 | HIGH | CVSS 8.4 | 2023-02-14
CVE-2023-21808 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attac
msrc
CVE-2023-21815 | HIGH | CVSS 7.8 | 2023-02-14
CVE-2023-21815 [HIGH] CWE-191 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need
msrc
CVE-2022-23521 | HIGH | CVSS 9.8 | 2023-02-14
CVE-2022-23521 [CRITICAL] GitHub: CVE-2022-23521 gitattributes parsing integer overflow
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Sup
msrc
CVE-2023-41953 | HIGH | CVSS 8.6 | 2023-02-14
CVE-2023-41953 [HIGH] GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Securit
msrc
CVE-2023-21567 | MEDIUM | CVSS 5.6 | 2023-02-14
CVE-2023-21567 [MEDIUM] CWE-59 Visual Studio Denial of Service Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a local user executes the Visual Studio installer.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this
msrc
CVE-2022-41089 | HIGH | CVSS 7.8 | 2022-12-13
CVE-2022-41089 [HIGH] .NET Framework Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that
msrc
CVE-2022-39253 | HIGH | CVSS 5.5 | 2022-11-08
CVE-2022-39253 [MEDIUM] GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would th
msrc
CVE-2022-41119 | HIGH | CVSS 7.8 | 2022-11-08
CVE-2022-41119 [HIGH] Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available ove
msrc
CVE-2022-41032 | HIGH | CVSS 7.8 | 2022-10-11
CVE-2022-41032 [HIGH] NuGet Client Elevation of Privilege Vulnerability
FAQ: Are any other products affected by this vulnerability? Yes. See the following list of affected versions of NuGet.exe, NuGet.Commands, NuGet.CommandLine, and NuGet.Protocol. Customers using any of these affected versions please see for information about how to fix the vulnerability. Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.3.0 version or earlie
msrc
CVE-2022-38013 | HIGH | CVSS 7.5 | 2022-09-13
CVE-2022-38013 [HIGH] .NET Core and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes
Reference: https://my.visualstudio.com/Downl
msrc