Msrc Microsoft Visual Studio 2022 Version 17.2 vulnerabilities

CVE-2023-24897 [HIGH] CWE-122 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carrie

CVE-2023-25652 [HIGH] GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. P

CVE-2023-25815 [LOW] GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Ple

CVE-2023-33139 [MEDIUM] CWE-125 Visual Studio Information Disclosure Vulnerability Visual Studio Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure? The attack itself is carried out locally.

CVE-2023-32032 [MEDIUM] CWE-20 .NET and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. FAQ: What privileges could be gained by an attacker who successfull

CVE-2023-28260 [HIGH] .NET DLL Hijacking Remote Code Execution Vulnerability .NET DLL Hijacking Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

CVE-2023-28262 [HIGH] CWE-122 Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest

CVE-2023-28296 [HIGH] CWE-415 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates

CVE-2023-28263 [MEDIUM] CWE-170 Visual Studio Information Disclosure Vulnerability Visual Studio Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability crosses the kernel security boundary and can lead to system information disclosure. Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softw

CVE-2023-28299 [MEDIUM] Visual Studio Spoofing Vulnerability Visual Studio Spoofing Vulnerability Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes Reference: http://aka.ms/vs/15/release/latest Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 Reference: https://my.visualstud

CVE-2023-22490 [MEDIUM] GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? This vulnerability could disclose sensitive information on the victim's file system as well as achieve data exfiltration. FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed

CVE-2023-23946 [MEDIUM] GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Suppor

CVE-2023-23618 [HIGH] GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Sec

CVE-2023-22743 [HIGH] GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vuln

CVE-2023-23381 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2023-21566 [HIGH] CWE-73 Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Visual Studio: Visual Studio Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Softwar

CVE-2023-21808 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attac

CVE-2023-21815 [HIGH] CWE-191 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2022-23521 [CRITICAL] GitHub: CVE-2022-23521 gitattributes parsing integer overflow GitHub: CVE-2022-23521 gitattributes parsing integer overflow FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Sup

CVE-2023-41953 [HIGH] GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Securit