| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally. |
| Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. |
| Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. |
| Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. |
| Visual Studio Collector Service Denial of Service Vulnerability |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| Visual Studio Code for Linux Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. |
| A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. |
| .NET Core Remote Code Execution Vulnerability |
| .NET Core and Visual Studio Denial of Service Vulnerability |