Microsoft Visual Studio Code 0.9.1 for Python

CPE Details

Microsoft Visual Studio Code 0.9.1 for Python
microsoft
visual_studio_code
0.9.1
2021-12-01
13h21 +00:00
2021-12-01
17h46 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:microsoft:visual_studio_code:0.9.1:*:*:*:*:python:*:*

Informations

Vendor

microsoft

Product

visual_studio_code

Version

0.9.1

Target Software

python

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-43601 2024-10-08 17h35 +00:00 Visual Studio Code for Linux Remote Code Execution Vulnerability
7.8
High
CVE-2024-26165 2024-03-12 16h58 +00:00 Visual Studio Code Elevation of Privilege Vulnerability
8.8
High
CVE-2023-36742 2023-09-12 16h58 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2023-33144 2023-06-13 23h26 +00:00 Visual Studio Code Spoofing Vulnerability
6.6
Medium
CVE-2023-29338 2023-05-09 17h03 +00:00 Visual Studio Code Spoofing Vulnerability
6.6
Medium
CVE-2023-24893 2023-04-11 19h13 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2023-21779 2023-01-09 23h00 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2022-41034 2022-10-10 22h00 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2022-30129 2022-05-10 18h35 +00:00 Visual Studio Code Remote Code Execution Vulnerability
8.8
High
CVE-2022-24526 2022-03-09 16h08 +00:00 Visual Studio Code Spoofing Vulnerability
6.1
Medium
CVE-2021-43891 2021-12-15 13h15 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-42322 2021-11-09 23h47 +00:00 Visual Studio Code Elevation of Privilege Vulnerability
7.8
High
CVE-2021-34529 2021-07-14 15h54 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-34528 2021-07-14 15h54 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-34479 2021-07-14 15h54 +00:00 Microsoft Visual Studio Spoofing Vulnerability
7.8
High
CVE-2021-31214 2021-05-11 17h11 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-31211 2021-05-11 17h11 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-28475 2021-04-13 17h33 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-28477 2021-04-13 17h33 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-28473 2021-04-13 17h33 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-28471 2021-04-13 17h33 +00:00 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-28469 2021-04-13 17h33 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2021-28457 2021-04-13 17h33 +00:00 Visual Studio Code Remote Code Execution Vulnerability
7.8
High
CVE-2020-16881 2020-09-11 15h08 +00:00

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file.

The update address the vulnerability by modifying the way Visual Studio Code handles JSON files.
7.8
High
CVE-2020-0604 2020-08-17 17h12 +00:00 A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal. The update address the vulnerability by modifying the way Visual Studio Code handles environment variables.
8.8
High
CVE-2020-1416 2020-07-14 20h54 +00:00 An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
8.8
High
CVE-2020-1192 2020-05-21 20h53 +00:00 A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.
7.8
High
CVE-2020-1171 2020-05-21 20h53 +00:00 A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.
8.8
High
CVE-2019-1414 2020-01-24 19h50 +00:00 An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.