Studio Security Vulnerabilities
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege...
5CVSS
6.6AI Score
0.001EPSS
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure...
6.5CVSS
6.7AI Score
0.019EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within.....
5.5CVSS
5.4AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the.....
7.8CVSS
7.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
0.003EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector,....
7.8CVSS
7.3AI Score
0.0004EPSS
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is...
7.5CVSS
8.3AI Score
0.86EPSS
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the...
9.8CVSS
9.3AI Score
0.053EPSS
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution...
7.8CVSS
7.3AI Score
0.02EPSS
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering...
6.5CVSS
6.1AI Score
0.001EPSS
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated...
6.5CVSS
6.3AI Score
0.003EPSS
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution...
7.8CVSS
8.1AI Score
0.058EPSS
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and...
8.8CVSS
9.3AI Score
0.03EPSS
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing...
5.9CVSS
6.7AI Score
0.003EPSS
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...
7.5CVSS
8.7AI Score
0.005EPSS
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the...
9.8CVSS
9.4AI Score
0.013EPSS
A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual...
7.8CVSS
7.8AI Score
0.017EPSS
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual...
5.5CVSS
5.1AI Score
0.003EPSS
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019,...
7.8CVSS
8.4AI Score
0.001EPSS
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local...
7.8CVSS
7.6AI Score
0.0004EPSS
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI...
9.8CVSS
9.5AI Score
0.004EPSS
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read....
9.8CVSS
9.6AI Score
0.023EPSS
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9,.....
5.5CVSS
5.2AI Score
0.003EPSS
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9,...
5.5CVSS
5.2AI Score
0.003EPSS
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9,.....
5.5CVSS
5.2AI Score
0.003EPSS
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code...
9.8CVSS
9.9AI Score
0.017EPSS
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information...
5.3CVSS
5.1AI Score
0.004EPSS
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an...
8.8CVSS
8.5AI Score
0.003EPSS
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle...
8.1CVSS
7.7AI Score
0.003EPSS
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10...
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default...
6.1CVSS
5.8AI Score
0.004EPSS
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code....
9.8CVSS
9.5AI Score
0.014EPSS
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as...
8.1CVSS
8.3AI Score
0.012EPSS
A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual...
7.8CVSS
7.5AI Score
0.001EPSS
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend...
7.8CVSS
7.9AI Score
0.186EPSS
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.212EPSS
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.212EPSS
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance:....
8.8CVSS
9AI Score
0.001EPSS
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures...
5.3CVSS
5.1AI Score
0.002EPSS
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store....
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3...
7.8CVSS
7.7AI Score
0.003EPSS
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted...
5.3CVSS
5.3AI Score
0.001EPSS
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code...
9.8CVSS
9.5AI Score
0.116EPSS
A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports...
8.8CVSS
8.7AI Score
0.001EPSS
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual...
4.3CVSS
3.9AI Score
0.011EPSS