14 matches found
CVE-2022-26921
CVE-2022-26921 is a Local Privilege Escalation affecting Visual Studio Code. According to the CVE data, the vulnerability supports local attack vector, requires LOW privileges, and does not require user interaction (UI: NONE). The impact is described as high for confidentiality, integrity, and av...
CVE-2022-21991
CVE-2022-21991 is a remote code execution vulnerability in the Visual Studio Code Remote Development Extension. The provided documents confirm an RCE impact (high severity, CVSS v3.1 base 8.1) with network-based access and no user interaction, but do not specify affected product versions or explo...
CVE-2020-16977
CVE-2020-16977 describes a remote code execution vulnerability in Visual Studio Code arising when the Python extension loads a Jupyter notebook file. An attacker who can entice a user to open a specially crafted notebook could run arbitrary code in the user’s context, potentially gaining full sys...
CVE-2021-1639
CVE-2021-1639 appears as a Visual Studio Code remote code execution vulnerability. Connected sources confirm Visual Studio Code is affected and note public exploits exist (Kaspersky). The documents provide high-severity impact for this CVE but do not consistently expose concrete root-cause detail...
CVE-2022-38020
CVE-2022-38020 affects Visual Studio Code. The connected Nessus entry confirms a privilege-escalation vulnerability in VS Code versions prior to 1.17.1. An authenticated, local attacker can exploit this to elevate privileges to those of another user on the affected system. The plugin text notes a...
CVE-2020-17023
CVE-2020-17023 — Visual Studio Code remote code execution Affected product: Visual Studio Code. Vulnerability: A remote code execution flaw occurs when a user is tricked into opening a malicious package.json; attacker-supplied code runs in the context of the current user. Exploitation requires co...
CVE-2022-41042
CVE-2022-41042 is a Visual Studio Code information disclosure vulnerability. The CVE entry concerns Visual Studio Code and related tooling; the vulnerability is described as information disclosure with a CVSSv3.1 base score of 7.4 (HIGH), requiring user interaction and with network attack vector ...
CVE-2024-43488
CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...
CVE-2021-26437
CVE-2021-26437 concerns a spoofing vulnerability in Microsoft Visual Studio Code. The available documents describe a UI spoofing issue in VS Code with a local attack vector, requiring user interaction, and separate risk details. A remediation referenced by a Nessus plugin indicates updating to Vi...
CVE-2021-27060
CVE-2021-27060 is a reported vulnerability in Microsoft Visual Studio Code described as a remote code execution issue related to Visual Studio Code. The connected sources identify this as an arbitrary code execution vulnerability in VS Code, exploitable by convincing a user to open specially craf...
CVE-2020-17104
CVE-2020-17104 concerns Visual Studio Code JSHint Extension. Root cause per PT-2020-4828: insufficient input validation in the Visual Studio Code editor, enabling a remote attacker to execute arbitrary code via a specially crafted file. The connected document does not specify affected versions or...
CVE-2021-43908
CVE-2021-43908 affects Visual Studio Code and is described as a spoofing vulnerability. Connected documents reference an exploit repository (githubexploit: Sudistark/vscode-rce-electrovolt) and related advisories, but the provided materials do not include concrete technical details such as vulner...
CVE-2019-0728
CVE-2019-0728 describes a remote code execution vulnerability in Visual Studio Code: if the editor processes environment variables when a project is opened, an attacker could run arbitrary code in the current user context. Exploitation requires user action to clone a repository and open it in VS ...
CVE-2018-0597
CVE-2018-0597 is an untrusted search path vulnerability in the Visual Studio Code installer. A malicious DLL located in the same directory as the installer can be loaded, enabling arbitrary code execution with the privileges of the invoking user. Affected component: the VS Code installer; root ca...