1291 matches found
PT-2024-6834 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: The issue is related to the failure to neutralize special elements used in operating system commands. This could allow a remote attacker to execute arbitrary code. Recommendation...
PT-2024-6977 · Microsoft · Visual Studio Code Extension For Arduino
Name of the Vulnerable Software and Affected Versions: Visual Studio Code extension for Arduino affected versions not specified Description: The issue is related to missing authentication for a critical function in the Visual Studio Code extension for Arduino, allowing an unauthenticated attacker...
Microsoft Visual Studio Code Command Injection Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A command injection vulnerability exists in Microsoft Visual Studio Code. An attacker exploiting this vulnerability could remotely execute code. No information about this vulnerability is available at this time, please...
Microsoft Visual Studio Code Access Control Error Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in the Microsoft Visual Studio Code extension for Arduino, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2024-9145
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
CVE-2024-9145 Local command injection in Wiz Code Visual Studio Code extension
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
CVE-2024-9145
The CVE-2024-9145 issue affects Wiz Code Visual Studio Code extension versions 1.0.0–1.5.3 and Wiz (legacy) Visual Studio Code extension versions 0.13.0–0.17.8. When a user opens a maliciously crafted Dockerfile located in a path marked as a “trusted folder” in Visual Studio Code and initiates a ...
Wiz Code and Wiz (legacy) Security Vulnerability
Wiz Code and Wiz legacy are both a Visual Studio Code extension from Wiz, Inc. A security vulnerability exists in Wiz Code versions 1.0.0 through 1.5.3 and Wiz legacy versions 0.13.0 through 0.17.8, which stems from vulnerability to local command injection attacks...
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks
The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse shell feature to ga...
Markdown PDF Cross-Site Scripting Vulnerability
Markdown PDF is a Markdown converter for Visual Studio Code by individual developer yzane. A cross-site scripting vulnerability exists in Markdown PDF version 1.5.0. An attacker can exploit this vulnerability to perform a cross-site scripting attack...
Markdown PDF Path Traversal Vulnerability
Markdown PDF is a Markdown converter for Visual Studio Code by individual developer yzane. A security vulnerability exists in Markdown PDF version 1.5.0. An attacker can exploit the vulnerability to traverse pathnames...
MAL-2024-3834 Malicious code in vscode-ui5-language-assistant (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9629544d283355bc3e5f8a20f5d3d42bf915bee3fc09af17209a8d17e97642d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vscode-dev-containers (npm)
--- -= Per source details. Do not edit below this line.=-...
Vulnerability of plugins for Git control and history visualization: GitKraken, GitLens, the source code editor Visual Studio Code, allowing the intruder to execute arbitrary code.
The vulnerability of the plugin for control and visualization of Git history, GitKraken, GitLens, and the source code editor Visual Studio Code is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially...
ROS-20240503-05
A vulnerability in the Microsoft Visual Studio Code source code editor is related to flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her privileges...
Visual Studio Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Visual Studio vsix Extension Exec', 'Description' = %q Creates a vsix file which can be installed in Visual Studio Code as an extension. At...
CVE-2024-1569
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...
CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...