Microsoft Visual Studio 2017

92 matches found

CVE
added 2020/07/14 10:54 p.m. | 1354 views

CVE-2020-1147

CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...

7.8 CVSS | 8.1 AI score | 0.9343 EPSS
In wild | Web

CVE
added 2025/01/14 6:4 p.m. | 1180 views

CVE-2025-21176

CVE-2025-21176 is a remote code execution vulnerability affecting .NET/.NET Framework and Visual Studio components. Public sources describe a buffer over-read in DiaSymReader.dll not checking length when processing symbolic data, impacting EOL ASP.NET 6.0.0–6.0.36 and also 8.0.0–8.0.11 and up to ...

8.8 CVSS | 9 AI score | 0.0194 EPSS

CVE
added 2023/09/12 4:58 p.m. | 540 views

CVE-2023-36792

CVE-2023-36792 is a Windows-only Visual Studio/.NET remote code execution vulnerability. Root cause: Microsoft.DiaSymReader.Native.amd64.dll mishandles corrupted PDB files, enabling RCE. Affected: .NET 6.0 and .NET 7.0 runtimes (applications) prior to patched versions. Patched versions: .NET 6.0....

7.8 CVSS | 7.9 AI score | 0.00974 EPSS

CVE
added 2023/09/12 4:58 p.m. | 537 views

CVE-2023-36793

CVE-2023-36793 is a Microsoft .NET/Visual Studio remote code execution vulnerability. It stems from Microsoft.DiaSymReader.Native.amd64.dll reading a corrupted PDB file, affecting Windows systems. Affected: .NET 7.0 up to 7.0.10 and .NET 6.0 up to 6.0.21. Patched versions: .NET 7.0.11 and .NET 6....

7.8 CVSS | 7.9 AI score | 0.01162 EPSS

CVE
added 2023/09/12 4:58 p.m. | 532 views

CVE-2023-36794

CVE-2023-36794 is a Visual Studio/.NET remote code execution vulnerability. Affects Windows applications using Microsoft.DiaSymReader.Native.amd64.dll when reading corrupted PDB files, potentially enabling code execution. Affected: .NET 6.0 and .NET 7.0 runtimes and Visual Studio environments; pa...

7.8 CVSS | 7.9 AI score | 0.00758 EPSS

CVE
added 2023/09/12 4:58 p.m. | 526 views

CVE-2023-36796

CVE-2023-36796 is a .NET Framework RCE vulnerability in DiaSymReader.dll triggered when reading a corrupted PDB file. It affects .NET Framework 3.5 and 4.8.1 on Windows Server/Windows OS configurations described in KB5029918. Mitigation: apply the corresponding cumulative update (KB5029918) or th...

7.8 CVSS | 7.9 AI score | 0.00754 EPSS

CVE
added 2025/01/14 6:4 p.m. | 483 views

CVE-2025-21172

CVE-2025-21172 is a Microsoft .NET/Visual Studio remote code execution vulnerability. The linked CVE record notes the root cause as an integer overflow and a heap-based overflow in msdia140.dll, yielding a high-impact remote code execution scenario over network; exploitation status is not detaile...

7.5 CVSS | 7.8 AI score | 0.00586 EPSS

CVE
added 2024/10/08 5:36 p.m. | 366 views

CVE-2024-43590

CVE-2024-43590 is a local elevation-of-privilege vulnerability in the Visual C++ Redistributable Installer. A local attacker with Low privileges could exploit this (UI: none) to gain High confidentiality, integrity, and availability impact, with the attack vector being local and requiring Low pri...

7.8 CVSS | 7.8 AI score | 0.00665 EPSS

CVE
added 2023/02/14 8:9 p.m. | 298 views

CVE-2023-21808

CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...

7.8 CVSS | 7.9 AI score | 0.01277 EPSS

CVE
added 2018/08/15 5:0 p.m. | 296 views

CVE-2018-0952

CVE-2018-0952 is a local Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector (used by Windows Diagnostics Hub and Visual Studio components). The root cause, as documented, is the ability to create arbitrary files due to lack of proper client impersonation in DiagnosticsHub....

7.8 CVSS | 7.9 AI score | 0.39182 EPSS
In wild

CVE
added 2020/01/24 8:50 p.m. | 269 views

CVE-2019-1349

CVE-2019-1349 concerns a remote code execution vulnerability in Git for Visual Studio caused by improper input sanitization. The connected documents corroborate that this CVE is distinct from other CVEs in the same family and tie the issue to Git for Visual Studio, noting an impact of remote code...

9.3 CVSS | 9.2 AI score | 0.2462 EPSS

CVE
added 2020/01/24 8:50 p.m. | 269 views

CVE-2019-1352

CVE-2019-1352 is a remote code execution vulnerability described as arising when Git for Visual Studio improperly sanitizes input. The connected Astra Linux advisory notes a libgit2-based issue (path.c handling of NTFS Alternate Data Streams) that is similar to CVE-2019-1352, and other advisories...

9.3 CVSS | 9.2 AI score | 0.2462 EPSS

CVE
added 2022/08/09 8:12 p.m. | 262 views

CVE-2022-35827

CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...

8.8 CVSS | 8.8 AI score | 0.07804 EPSS

CVE
added 2023/06/14 2:52 p.m. | 257 views

CVE-2023-24897

CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...

7.8 CVSS | 7.9 AI score | 0.01788 EPSS

CVE
added 2023/08/08 5:8 p.m. | 254 views

CVE-2023-36897

CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...

8.1 CVSS | 7 AI score | 0.00178 EPSS

CVE
added 2020/05/21 10:53 p.m. | 249 views

CVE-2020-1108

CVE-2020-1108 affects Microsoft .NET Core and .NET Framework; a denial-of-service can be caused by improper handling of incoming web requests. The IBM security bulletin (referencing IBM X-Force) lists a base score of 7.5 (HIGH) and notes the vulnerability affects IBM Robotic Process Automation pr...

7.5 CVSS | 7.3 AI score | 0.03788 EPSS

CVE
added 2024/01/09 5:57 p.m. | 243 views

CVE-2024-20656

CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...

7.8 CVSS | 7.6 AI score | 0.54325 EPSS

CVE
added 2020/01/24 8:50 p.m. | 231 views

CVE-2019-1354

Technical details for CVE-2019-1354 are not publicly provided in the supplied documents; monitor for updates.

9.3 CVSS | 9.2 AI score | 0.2462 EPSS

CVE
added 2020/07/14 10:54 p.m. | 223 views

CVE-2020-1416

CVE-2020-1416 is the Visual Studio and Visual Studio Code Elevation of Privilege vulnerability. The issue arises when these products load software dependencies, allowing a local attacker who can plant malicious content to execute arbitrary code with the user’s privileges. Microsoft’s advisory sta...

9.3 CVSS | 8.7 AI score | 0.09872 EPSS

CVE
added 2020/01/24 8:50 p.m. | 214 views

CVE-2019-1350

Technical details about CVE-2019-1350 are not publicly available in the provided documents. Monitor for updates and forthcoming advisories.

9.3 CVSS | 9.2 AI score | 0.2462 EPSS

CVE
added 2021/08/12 6:11 p.m. | 213 views

CVE-2021-26423

CVE-2021-26423 is a .NET Core/ASP.NET DoS vulnerability described as a denial of service in WebSocket frame processing. The primary documentation identifies affected software as .NET Core and Visual Studio (Denial of Service Vulnerability) with network-based exposure and low attack complexity. Co...

7.5 CVSS | 7.4 AI score | 0.03366 EPSS

CVE
added 2021/08/12 6:11 p.m. | 212 views

CVE-2021-34485

CVE-2021-34485 is a .NET Core information disclosure vulnerability. The root cause is that crash-dump files created by the tool (for crash dumps and on-demand dumps) could be written with world-readable permissions on Linux/macOS, enabling local attackers to read sensitive dump data. Affected sof...

5.5 CVSS | 5.8 AI score | 0.00665 EPSS

CVE
added 2023/04/11 7:13 p.m. | 211 views

CVE-2023-28299

CVE-2023-28299 is the Visual Studio Spoofing Vulnerability. Connected sources indicate this affects Microsoft Visual Studio tooling and related components, with the NCSC entry mapping CVE-2023-28299 to an impersonation (spoofing) impact and noting PoCs exist for several related CVEs. The vulnerab...

5.5 CVSS | 5.8 AI score | 0.00148 EPSS

CVE
added 2019/07/29 2:9 p.m. | 201 views

CVE-2019-1113

CVE-2019-1113 is a remote code execution vulnerability in .NET software where the product fails to check the source markup of a file. The root cause is the failure to validate the source markup, which could allow an attacker to run arbitrary code in the context of the current user. The vulnerabil...

8.8 CVSS | 8.3 AI score | 0.33725 EPSS

CVE
added 2022/04/12 5:51 p.m. | 201 views

CVE-2022-24767

CVE-2022-24767 affects Git for Windows prior to 2.35.2, where the uninstaller is vulnerable to DLL hijacking when executed under the SYSTEM account. Root cause: uninstaller loads a malicious DLL from a user-writable path, enabling potential arbitrary code execution or compromise of the host as de...

7.8 CVSS | 7.6 AI score | 0.01694 EPSS

CVE
added 2020/01/24 8:50 p.m. | 197 views

CVE-2019-1351

CVE-2019-1351 refers to a tampering vulnerability in Git for Visual Studio, caused by improper handling of virtual drive paths. The available documents explicitly identify the issue as a tampering vulnerability and name the affected component, but they do not provide exploit details, affected ver...

7.5 CVSS | 8.3 AI score | 0.17105 EPSS

CVE
added 2022/05/10 8:34 p.m. | 196 views

CVE-2022-29148

CVE-2022-29148 is a Microsoft Visual Studio remote code execution vulnerability. The available details identify Visual Studio as the affected product family, with exploitation judged as possible via a local vector requiring user interaction (CVSS v3.1: 7.8, HIGH; AV:L, AC:L, PR:N, UI:R, S:U, C:H,...

7.8 CVSS | 7.9 AI score | 0.03164 EPSS

CVE
added 2021/11/10 12:47 a.m. | 186 views

CVE-2021-42277

Technical details about CVE-2021-42277 are not provided in the connected documents; only generic vulnerability labels and references are available. Monitor for official advisories or CVE records for affected products, fixes, and mitigations.

7.8 CVSS | 6.5 AI score | 0.00263 EPSS

CVE
added 2020/10/07 3:50 p.m. | 184 views

CVE-2020-26870

CVE-2020-26870 affects DOMPurify up to 2.0.16/2.0.17, where a serialize-parse roundtrip can alter the DOM (namespace changes HTML→MathML, e.g., nesting FORM elements), enabling a mutation XSS. The issue is documented by Cure53 and linked analyses; a fix was released with DOMPurify 2.0.17. Related...

6.1 CVSS | 6.1 AI score | 0.00417 EPSS

CVE
added 2021/02/25 11:1 p.m. | 170 views

CVE-2021-1721

CVE-2021-1721 is a denial-of-service vulnerability in dotnet-core/.NET Core prior to 3.1.12 affecting HTTPS web requests during X509 certificate chain building. Multiple sources (Arch Linux advisories ASA-202103-17 and ASA-202103-16) describe the impact as a denial of service, with upgrade paths ...

6.5 CVSS | 6.6 AI score | 0.09338 EPSS

CVE
added 2022/01/11 8:22 p.m. | 167 views

CVE-2022-21871

Technical details about CVE-2022-21871 are not publicly provided in the supplied documents; no affected product/version, root cause, or remediation are described here. Monitor for official disclosures and updates.

7.8 CVSS | 8 AI score | 0.00313 EPSS

CVE
added 2019/03/06 12:0 a.m. | 165 views

CVE-2019-0657

Summary: CVE-2019-0657 is referenced across multiple sources as the ".NET Core NuGet Tampering Vulnerability". Connected items (ALT Linux package advisories) cite CVE-2019-0657 in security fixes for various dotnet-bootstrap packages (versions 2.1.9-alt1 across 3.1, 5.0, 6.0, 7.0 series). The advis...

5.9 CVSS | 6.7 AI score | 0.08017 EPSS

CVE
added 2019/07/15 6:56 p.m. | 165 views

CVE-2019-1077

Summary (CVE-2019-1077): A local elevation-of-privilege flaw in the Visual Studio updater service arises from improper handling of file permissions. The vulnerability allows an attacker who can log on locally to overwrite arbitrary files with XML content in the local system security context, enab...

6.6 CVSS | 6.6 AI score | 0.00557 EPSS

CVE
added 2022/08/09 7:59 p.m. | 165 views

CVE-2022-35777

CVE-2022-35777 is a Visual Studio remote code execution vulnerability affecting the VSGraphics component. Connected sources (KB/MSRC/NVD) identify it as a Fbx File parser Heap overflow vulnerability within Visual Studio product lines, with references listing affected versions (including VS 2012 U...

8.8 CVSS | 8.8 AI score | 0.00722 EPSS

CVE
added 2023/02/14 8:9 p.m. | 165 views

CVE-2023-21815

CVE-2023-21815 is a Visual Studio remote code execution vulnerability. The connected Microsoft KB entries state it exists in Visual Studio 2013 Update 5 and is caused by improper handling of debug information, enabling remote code execution. The updated security fixes (KB5026610 for VS2013 Update...

7.8 CVSS | 8.1 AI score | 0.01549 EPSS

CVE
added 2019/05/16 6:17 p.m. | 162 views

CVE-2019-0727

CVE-2019-0727 describes an elevation-of-privilege flaw in the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, allowing an attacker who can log on to delete files in arbitrary locations. The vulnerability is rooted in the collectors’ handling of file deletion permissio...

7.8 CVSS | 7.3 AI score | 0.00188 EPSS

CVE
added 2021/01/12 7:42 p.m. | 161 views

CVE-2021-1651

Technical details about CVE-2021-1651 are not provided in the supplied documents; only the vulnerability is named. Monitor for updates from official advisories.

7.8 CVSS | 8.1 AI score | 0.00313 EPSS

CVE
added 2019/04/09 1:51 a.m. | 160 views

CVE-2019-0757

CVE-2019-0757 is a Tampering Vulnerability in the NuGet Package Manager for Linux and macOS. The issue allows an authenticated attacker to modify a NuGet package’s folder structure (NuGet Package Manager Tampering Vulnerability). Public sources in connected documents indicate this affects .NET Co...

6.5 CVSS | 6.1 AI score | 0.05388 EPSS

CVE
added 2020/08/17 7:13 p.m. | 157 views

CVE-2020-1597

CVE-2020-1597 is a denial-of-service vulnerability in ASP.NET Core where remote, unauthenticated attackers can cause resource exhaustion by sending specially crafted web requests. The flaw stems from how ASP.NET Core handles incoming requests and is fixed by an update that corrects request handli...

7.5 CVSS | 7.6 AI score | 0.07555 EPSS

CVE
added 2023/04/11 7:13 p.m. | 157 views

CVE-2023-28296

CVE-2023-28296 is a Microsoft Visual Studio remote code execution vulnerability with multiple affected products (Visual Studio 2022/2019, .NET components, and Visual Studio Code). The root cause is not explicitly detailed here, but the CVSSv3.1 scores it as a high-severity, locally exploitable is...

7.8 CVSS | 7.9 AI score | 0.03685 EPSS

CVE
added 2021/02/25 11:1 p.m. | 154 views

CVE-2021-1639

CVE-2021-1639 appears as a Visual Studio Code remote code execution vulnerability. Connected sources confirm Visual Studio Code is affected and note public exploits exist (Kaspersky). The documents provide high-severity impact for this CVE but do not consistently expose concrete root-cause detail...

7.8 CVSS | 7 AI score | 0.04078 EPSS

CVE
added 2019/03/06 12:0 a.m. | 148 views

CVE-2019-0613

CVE-2019-0613 affects Microsoft .NET Framework and Visual Studio. The vulnerability arises when the software fails to validate the source markup of a file, allowing remote code execution in the context of the current user. CVSS data from NVD indicates a network-exposed, high-severity issue (v3 ba...

9.3 CVSS | 9.3 AI score | 0.1868 EPSS

CVE
added 2025/01/14 6:4 p.m. | 148 views

CVE-2025-21178

Technical details about CVE-2025-21178 are not publicly provided in the connected documents. No affected product/version/root cause/impact are specified here. Monitor for updates from MSRC/MSKB and other sources for concrete details and patch information.

8.8 CVSS | 9 AI score | 0.00488 EPSS

CVE
added 2019/09/11 9:24 p.m. | 147 views

CVE-2019-1232

CVE-2019-1232 is a local elevation-of-privilege flaw in the Diagnostics Hub Standard Collector Service. Affected: Diagnostics Hub Standard Collector Service; root cause: improper impersonation of certain file operations. Impact per sources: confidentiality, integrity, and availability are rated p...

7.8 CVSS | 8 AI score | 0.00278 EPSS

CVE
added 2020/12/09 11:36 p.m. | 144 views

CVE-2020-17156

CVE-2020-17156 is a Microsoft Visual Studio remote code execution vulnerability. Connected sources corroborate a Visual Studio/Developer Tools exposure with high-severity impact (CVSS v3.1 base 7.8) and note that an update is available from Microsoft/MSRC to fix it. Affected products include vari...

7.8 CVSS | 7.8 AI score | 0.14521 EPSS

CVE
added 2022/08/09 8:12 p.m. | 144 views

CVE-2022-35826

CVE-2022-35826 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio versions through the VSGraphics component, with Microsoft’s August 2022 updates addressing CVE-2022-35826 alongside related CVEs (e.g., 35825, 35777, 35827). The Microsoft advisories describe an...

8.8 CVSS | 8.8 AI score | 0.07804 EPSS

CVE
added 2023/06/13 11:25 p.m. | 143 views

CVE-2023-33139

CVE-2023-33139 describes an Information Disclosure vulnerability in Microsoft Visual Studio, tied to the VSGraphics component. Public disclosures indicate affected VS versions range from Visual Studio 2013 Update 5 through newer updates, with MSKB entries (KB5026454/KB5026455) outlining hotfixes ...

5.5 CVSS | 5.5 AI score | 0.01272 EPSS

CVE
added 2023/02/14 8:9 p.m. | 142 views

CVE-2023-23381

CVE-2023-23381 is a Visual Studio remote code execution vulnerability. Connected documents confirm this CVE is referenced in Microsoft security updates for multiple Visual Studio versions (e.g., VS2013 Update 5 and VS2015 Update 3) with patches/KB articles available (KB5026610, KB5025792). The KB...

7.8 CVSS | 7.9 AI score | 0.0059 EPSS

CVE
added 2020/09/11 5:8 p.m. | 141 views

CVE-2020-16856

CVE-2020-16856 is a Visual Studio remote code execution vulnerability. The issue arises from how Visual Studio handles objects in memory, enabling an attacker to run arbitrary code in the context of the current user. If the user runs Visual Studio with administrative rights, the attacker could ta...

9.3 CVSS | 8.8 AI score | 0.12146 EPSS

CVE
added 2018/07/11 12:0 a.m. | 139 views

CVE-2018-8172

The CVE-2018-8172 entry pertains to a remote code execution vulnerability in the Visual Studio family (including Visual Studio and Expression Blend) where the product fails to validate the source markup of an unbuilt project file. Root cause: improper handling of source markup in unbuilt files leadin...

9.3 CVSS | 7.9 AI score | 0.16196 EPSS

Total number of security vulnerabilities: 92