CVE-2022-41034 – Visual Studio Code Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41034
A remote code execution vulnerability in Visual Studio. VSCode, when opening a Jupyter notebook (.ipynb) file, bypasses the trust model. On versions v1.4.0 through v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first time the Jupyter notebook was opened, pop-ups displayed errors about being unable to find the payload exe file. The second attempt at opening the Jupyter notebook resulted in successful execution. • https://github.com/andyhsu024/CVE-2022-41034 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41034 https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m •
CVE-2022-41042 – Visual Studio Code Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-41042
An information disclosure vulnerability in Visual Studio Code • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41042 •
CVE-2022-41032 – NuGet Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41032
An elevation of privilege vulnerability in the NuGet client. A vulnerability was found in dotnet. This flaw allows an attacker to triage a NuGet cache poisoning on Linux via a world-writable cache directory. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032 https://access.redhat.com/security/cve/CVE-2022-41032 https://bugzilla.redhat.com/sho • CWE-524: Use of Cache Containing Sensitive Information •
CVE-2022-38020 – Visual Studio Code Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-38020
An elevation of privilege vulnerability in Visual Studio Code • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38020 •
CVE-2022-38013 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-38013
A denial of service vulnerability in .NET Core and Visual Studio • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-400: Uncontrolled Resource Consumption •