FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4bc66a81-89d2-4696-a04b-defd2eb77783	vscode -- VS Code Remote Code Execution Vulnerability VSCode developers report: Visual Studio Code Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacker to get the VS Code user to open the malicious project and have get the user to open and work with malformed entries in the dependencies sections of the package.json file. VS Code uses the locally installed npm command to fetch information on package dependencies. A package dependency can be named in such a way that the npm tool runs a script instead. Discovery 2023-09-12 Entry 2023-09-13 vscode < 1.82.1 CVE-2023-36742 https://nvd.nist.gov/vuln/detail/CVE-2023-36742 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742
f0250129-fdb8-41ed-aa9e-661ff5026845	vscode -- VS Code Information Disclosure Vulnerability VSCode developers reports: VS Code Information Disclosure Vulnerability A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes. Discovery 2023-06-13 Entry 2023-06-13 vscode < 1.79.1 CVE-2023-33144 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144
7913fe6d-2c6e-40ba-a7d7-35696f3db2b6	vscode -- Visual Studio Code Information Disclosure Vulnerability secure@microsoft.com reports: Visual Studio Code Information Disclosure Vulnerability A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes. Discovery 2023-05-09 Entry 2023-05-10 vscode < 1.78.1 CVE-2023-29338 https://nvd.nist.gov/vuln/detail/CVE-2023-29338 https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr

VuXML ID

Description

4bc66a81-89d2-4696-a04b-defd2eb77783

vscode -- VS Code Remote Code Execution Vulnerability

VSCode developers report:

Visual Studio Code Remote Code Execution Vulnerability

A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacker to get the VS Code user to open the malicious project and have get the user to open and work with malformed entries in the dependencies sections of the package.json file.

VS Code uses the locally installed npm command to fetch information on package dependencies. A package dependency can be named in such a way that the npm tool runs a script instead.

Discovery 2023-09-12
Entry 2023-09-13
vscode

< 1.82.1

CVE-2023-36742
https://nvd.nist.gov/vuln/detail/CVE-2023-36742
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742

f0250129-fdb8-41ed-aa9e-661ff5026845

vscode -- VS Code Information Disclosure Vulnerability

VSCode developers reports:

VS Code Information Disclosure Vulnerability

A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.

Discovery 2023-06-13
Entry 2023-06-13
vscode

< 1.79.1

CVE-2023-33144
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144

7913fe6d-2c6e-40ba-a7d7-35696f3db2b6

vscode -- Visual Studio Code Information Disclosure Vulnerability

secure@microsoft.com reports:

Visual Studio Code Information Disclosure Vulnerability

A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.

Discovery 2023-05-09
Entry 2023-05-10
vscode

< 1.78.1

CVE-2023-29338
https://nvd.nist.gov/vuln/detail/CVE-2023-29338
https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr