CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1373 matches found

Tenable Nessus•added 2020/07/16 12:0 a.m.•54 views

Security Update for Microsoft Visual Studio Code ESLint Extension (July 2020)

An input-validation flaw exists in Visual Studio Code Live Share Extension related to handling source code validation upon project opening that allows remote code execution. An attacker can convince a user to clone a specified repository and to open it in Visual Studio Code leading to code...

9.3CVSS8.5AI score0.23563EPSS

Exploits2References3

OSV•added 2020/07/14 11:15 p.m.•2 views

CVE-2020-1481

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'...

8.8CVSS7.9AI score0.23563EPSS

Exploits2References1

NVD•added 2020/07/14 11:15 p.m.•18 views

CVE-2020-1481

9.3CVSS0.23563EPSS

Exploits2References1

NVD•added 2020/07/14 11:15 p.m.•18 views

CVE-2020-1416

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'...

9.3CVSS0.05862EPSS

Exploits0References1

OSV•added 2020/07/14 11:15 p.m.•22 views

CVE-2020-1416

8.8CVSS7AI score0.05862EPSS

Exploits0References1

Prion•added 2020/07/14 11:15 p.m.•21 views

Remote code execution

9.3CVSS9AI score0.23563EPSS

Exploits2References1Affected Software1

Prion•added 2020/07/14 11:15 p.m.•23 views

Privilege escalation

9.3CVSS8.8AI score0.05862EPSS

Exploits0References1Affected Software3

Cvelist•added 2020/07/14 10:54 p.m.•19 views

CVE-2020-1481

9.1AI score0.23563EPSS

Exploits2References1

CVE•added 2020/07/14 10:54 p.m.•108 views

CVE-2020-1481

The CVE-2020-1481 entry concerns a remote code execution in the Visual Studio Code ESLint Extension. The vulnerability arises when the ESLint extension validates source code after opening a project, enabling attacker-specified code to run in the user’s context if a target clones a repository and ...

9.3CVSS9AI score0.23563EPSS

Exploits2References1Affected Software1

CVE•added 2020/07/14 10:54 p.m.•227 views

CVE-2020-1416

CVE-2020-1416 is the Visual Studio and Visual Studio Code Elevation of Privilege vulnerability. The issue arises when these products load software dependencies, allowing a local attacker who can plant malicious content to execute arbitrary code with the user’s privileges. Microsoft’s advisory sta...

9.3CVSS8.7AI score0.05862EPSS

Exploits0References1Affected Software5

Cvelist•added 2020/07/14 10:54 p.m.•25 views

CVE-2020-1416

8.9AI score0.05862EPSS

Exploits0References1

Microsoft CVE•added 2020/07/14 7:0 a.m.•62 views

Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with...

9.3CVSS3.2AI score0.05862EPSS

Exploits0

Microsoft CVE•added 2020/07/14 7:0 a.m.•38 views

Visual Studio Code ESLint Extension Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on...

9.3CVSS2.5AI score0.23563EPSS

Exploits2

Kaspersky•added 2020/07/14 12:0 a.m.•40 views

KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)

Multiple vulnerabilities were found in Microsoft Products Open Source Software. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in Bond can be exploited remotely via...

9.3CVSS8.9AI score0.05862EPSS

Exploits0References4

Positive Technologies•added 2020/07/14 12:0 a.m.•5 views

PT-2020-3300 · Microsoft · Visual Studio Code Eslint Extension

Name of the Vulnerable Software and Affected Versions: ESLint extension for Visual Studio Code affected versions not specified Description: A remote code execution issue exists in the ESLint extension for Visual Studio Code. This occurs when the extension validates source code after a project is...

9.3CVSS8.5AI score0.23563EPSS

Exploits2References4

Positive Technologies•added 2020/07/14 12:0 a.m.•4 views

PT-2020-3185 · Microsoft · Visual Studio Code +1

Name of the Vulnerable Software and Affected Versions: Visual Studio affected versions not specified Visual Studio Code affected versions not specified Description: The issue is related to an elevation of privilege vulnerability when loading software dependencies. This vulnerability can allow an...

9.3CVSS9.1AI score0.05862EPSS

Exploits0References5

Tenable Nessus•added 2020/07/14 12:0 a.m.•83 views

Security Update for Microsoft Visual Studio Code (CVE-2020-1416)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.47.1. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local...

9.3CVSS8.2AI score0.05862EPSS

Exploits0References3

Kaspersky•added 2020/07/14 12:0 a.m.•245 views

KLA11859 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Windows Diagnostics Hub...

9.3CVSS8.5AI score0.94243EPSS

Exploits12References30

Tenable Nessus•added 2020/06/23 12:0 a.m.•40 views

Security Update for Microsoft Visual Studio Code Live Share Extension (June 2020)

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text. To exploit the vulnerability, an attacker would need to perform a successful capture of the tokens from client to proxy, where specific proxy settings are being used,...

5.9CVSS6.7AI score0.02826EPSS

Exploits0References4

CVE•added 2020/06/22 3:11 p.m.•68 views

CVE-2020-13279

CVE-2020-13279 concerns a vulnerability in the GitLab GitLab-vscode-extension, specifically version v2.2.0 , described as a client-side code execution issue that could allow an attacker to run code on a user’s system. Connected sources corroborate the affected product and scenario, with CVSS metr...

8.6CVSS8.8AI score0.01201EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by