Lucene search
K
MicrosoftVisual Studio 2017

92 matches found

CVE
CVE
added 2020/05/21 10:53 p.m.141 views

CVE-2020-1161

CVE-2020-1161 is a denial-of-service vulnerability in ASP.NET Core where improper handling of web requests can trigger a DoS. It is referenced in multiple advisories (e.g., RHSA-2020:2250 and ELSA-2020-2250) as part of the .NET Core DoS fixes. The connected Red Hat advisories indicate the remedia...

7.5CVSS7.3AI score0.05701EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.140 views

CVE-2020-1133

Technical details about CVE-2020-1133 are not publicly provided in the connected documents. Available sources mention Diagnostics Hub Standard Collector and the fix, but no affected versions, exploit specifics, or mitigation steps are given. Monitor for updates.

7.8CVSS6.5AI score0.00978EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.138 views

CVE-2020-1130

CVE-2020-1130 affects the Diagnostics Hub Standard Collector. The issue is an elevation of privilege in the collector’s data handling, enabling a crafted local application to run processes in an elevated context. The vulnerability is addressed by updating how the Diagnostics Hub Standard Collecto...

7.8CVSS7AI score0.00777EPSS
CVE
CVE
added 2022/08/09 8:12 p.m.137 views

CVE-2022-35825

Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.

8.8CVSS8.8AI score0.01779EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.135 views

CVE-2018-8599

CVE-2018-8599 is the Diagnostics Hub Standard Collector Service Elevation of Privilege vulnerability. The NVD entry states a local attacker could exploit improper impersonation of certain file operations to gain privileges on affected Microsoft software, including Visual Studio, Windows Server 20...

7.8CVSS8.4AI score0.0099EPSS
CVE
CVE
added 2023/02/14 8:9 p.m.134 views

CVE-2023-21566

CVE-2023-21566 is a Visual Studio elevation-of-privilege vulnerability. The linked documents describe insufficient access restrictions in Visual Studio that can allow a local attacker with low privileges to escalate to higher privileges (obtaining increased entitlements). Exploitation is local an...

7.8CVSS7.7AI score0.00367EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.132 views

CVE-2020-1202

CVE-2020-1202 affects Diagnostics Hub Standard Collector or Visual Studio Standard Collector. Root cause: improper handling of memory objects leading to elevation of privilege. Impact: local elevation of privileges if exploited; CVSS data in the Initial document indicates HIGH severity. Exploitat...

7.8CVSS8AI score0.00889EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.131 views

CVE-2020-16874

CVE-2020-16874 is a Visual Studio remote code execution vulnerability caused by improper handling of objects in memory. Exploitation requires a user to open a specially crafted file, potentially allowing arbitrary code execution in the current user context with Administrative rights. Microsoft an...

9.3CVSS8.9AI score0.04285EPSS
CVE
CVE
added 2021/04/13 7:32 p.m.131 views

CVE-2021-28321

CVE-2021-28321 is a elevation-of-privilege issue in the Diagnostics Hub Standard Collector Service. The NVD entry lists a local, low-attack‑complexity vector with no authentication, achieving high impact on confidentiality, integrity, and availability (CVSS‑3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:...

7.8CVSS7.8AI score0.01281EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.128 views

CVE-2020-0810

CVE-2020-0810 affects the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector on Windows. The root cause is an elevation of privilege vulnerability allowing file creation in arbitrary locations, exploitable by a logged-on attacker who runs a crafted application; this could...

7.8CVSS8.6AI score0.01002EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.127 views

CVE-2020-1393

Summary: CVE-2020-1393 is an elevation of privilege in Windows Diagnostics Hub related to the Standard Collector Service failing to sanitize input, causing insecure library loading. The root cause is input validation/sanitization weaknesses leading to loading of untrusted libraries. This CVE is r...

7.8CVSS8AI score0.00919EPSS
CVE
CVE
added 2021/04/13 7:32 p.m.123 views

CVE-2021-28313

Technical details about CVE-2021-28313 are not publicly provided in the supplied documents. Monitor for updates from NVD, MSRC, and vendor advisories for affected components and fixes.

7.8CVSS7.7AI score0.01039EPSS
CVE
CVE
added 2021/09/15 11:23 a.m.122 views

CVE-2021-26434

CVE-2021-26434 is a Visual Studio local privilege escalation. The issue arises during installation of Game development with C++/Unreal Engine workload, where the installer creates a directory with write permissions for all users, enabling LPE. Affected products include various Visual Studio versi...

7.8CVSS7.5AI score0.00828EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.120 views

CVE-2021-1680

Technical details about CVE-2021-1680 are not publicly available in the provided connected documents. Monitor for updates for affected product, root cause, impact, and remediation information.

7.8CVSS8.1AI score0.00714EPSS
CVE
CVE
added 2021/04/13 7:32 p.m.120 views

CVE-2021-28322

Technical details about CVE-2021-28322 are not publicly provided in the supplied documents. No affected products, exploit information, or fixes are described here. Monitor for updates from the referenced advisories and vulnerability feeds.

7.8CVSS7.8AI score0.01039EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.119 views

CVE-2018-1037

CVE-2018-1037 affects Microsoft Visual Studio family. The vulnerability is an information disclosure caused by improper handling of uninitialized memory when compiling Program Database (PDB) files, allowing disclosure of limited memory contents. The NVD entry lists CVSSv3 base score 4.3 (Medium),...

4.3CVSS3.9AI score0.05881EPSS
CVE
CVE
added 2019/04/09 2:30 a.m.119 views

CVE-2019-0809

CVE-2019-0809 affects the Visual Studio C++ Redistributable Installer. The vulnerability arises from improper validation of input before loading DLLs, enabling remote code execution in the context of the current user. Exploitation requires the attacker to place a malicious DLL on the target syste...

7.8CVSS7.3AI score0.10551EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.119 views

CVE-2020-1257

Technical details about CVE-2020-1257 are not provided in the connected documents. Public aliases, affected components, impact or fixes are not specified here; monitor for authoritative updates.

7.8CVSS8.1AI score0.00785EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.118 views

CVE-2020-1293

CVE-2020-1293 is an Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector Service where file operations are mishandled. The connected AVLeonarov item places CVE-2020-1293 under Diagnostics Hub Standard Collector EOP and lists it alongside CVE-2020-1257 and CVE-2020-1278, but ...

7.8CVSS8.1AI score0.00785EPSS
CVE
CVE
added 2021/09/15 11:23 a.m.118 views

CVE-2021-36952

The linked Nessus entry for CVE-2021-36952 identifies Visual Studio as affected, describing a local, memory-handling vulnerability that an unauthenticated attacker can exploit to bypass authentication and execute arbitrary commands. This is stated as a Visual Studio code-execution issue caused by...

7.8CVSS7.9AI score0.54171EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.117 views

CVE-2020-1203

CVE-2020-1203 is an elevation of privilege affecting the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, caused by improper handling of memory in affected objects. The description notes this CVE is distinct from CVE-2020-1202 and does not provide explicit affected ver...

7.8CVSS8AI score0.00889EPSS
CVE
CVE
added 2024/10/08 5:36 p.m.116 views

CVE-2024-43603

CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...

5.5CVSS5.7AI score0.00761EPSS
CVE
CVE
added 2021/04/13 7:32 p.m.114 views

CVE-2021-27064

CVE-2021-27064 is a local elevation-of-privilege vulnerability in the Microsoft Visual Studio Installer component. The CVSS details (CVSS:3.1) indicate a LOCAL, LOW-PRIVILEGE exploitation with no user interaction, leading to HIGH confidentiality, integrity, and availability impact if exploited, t...

7.8CVSS7.6AI score0.0059EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.113 views

CVE-2022-41119

CVE-2022-41119 concerns Microsoft Visual Studio Remote Code Execution. Connected sources describe it as a Visual Studio vulnerability leading to arbitrary code execution, attributed to insufficient input validation in Visual Studio and affecting multiple VS versions (including 2017/2019 and 2022 ...

7.8CVSS7.8AI score0.00774EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.112 views

CVE-2020-17100

CVE-2020-17100 is a Visual Studio tampering vulnerability with a Local access vector and a Medium impact entry (I:H, other impacts N). The connected sources confirm this vulnerability affects Microsoft Developer Tools including Visual Studio and related tooling, enabling spoofing of the user inte...

5.5CVSS5.4AI score0.008EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.110 views

CVE-2020-1278

CVE-2020-1278 relates to an elevation of privilege in the Diagnostics Hub Standard Collector Service due to improper file operations. The vulnerability enables local privilege elevation, as the service handles files in a way that can be exploited by an authenticated attacker with access to the sy...

7.8CVSS8.1AI score0.00785EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.108 views

CVE-2020-0793

CVE-2020-0793 is an elevation-of-privilege vulnerability affecting the Diagnostics Hub Standard Collector Service, where improper handling of file operations enables local attacker exploitation. The CVSSv3.1 vector indicates LOCAL access, LOW attack complexity, LOW privileges required, and NONE u...

7.8CVSS8.5AI score0.00788EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.100 views

CVE-2020-0899

CVE-2020-0899 describes an elevation of privilege in Microsoft Visual Studio updater service caused by improper handling of file permissions. An attacker who can log on to the system and exploit this flaw could write/overwrite files in the security context of the local system, potentially leading...

5.5CVSS6.8AI score0.0076EPSS
CVE
CVE
added 2021/11/10 12:47 a.m.100 views

CVE-2021-42319

CVE-2021-42319 corresponds to a Visual Studio elevation-of-privilege vulnerability. Publicly referenced details indicate local, low-complexity access with user rights required for exploitation, resulting in privilege escalation and, per sources, high impact on availability. NVD metrics show CVSSv...

5.5CVSS4.9AI score0.00456EPSS
CVE
CVE
added 2023/02/14 8:9 p.m.100 views

CVE-2023-21567

CVE-2023-21567 is a Microsoft Visual Studio denial-of-service vulnerability. Connected sources confirm it affects Visual Studio and related developer tools, with CVSSv3.1 base score 5.6 (Medium) and a local attack vector requiring user interaction. Public documents describe a DoS impact and list ...

5.6CVSS5.8AI score0.00799EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.97 views

CVE-2019-1211

CVE-2019-1211 is an elevation of privilege vulnerability in Git for Visual Studio stemming from improper parsing of Git configuration files. The authenticated attacker could modify configuration files before full installation and then convince another user to run specific Git commands, executing ...

7.3CVSS7.5AI score0.01654EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.97 views

CVE-2025-24998

CVE-2025-24998 is an Elevation of Privilege vulnerability in Visual Studio caused by an Uncontrolled search path element. A local attacker with low privileges and user interaction can potentially escalate to higher privileges. CVSSv3 base score 7.3 (HIGH); impact on confidentiality, integrity, an...

7.3CVSS7.2AI score0.00417EPSS
CVE
CVE
added 2024/06/11 4:59 p.m.95 views

CVE-2024-29060

CVE-2024-29060 is an elevation of privilege vulnerability in Microsoft Visual Studio family. The CVE affects multiple VS versions (e.g., Visual Studio 2017–2022 lineups) with a root cause described across sources as an elevation of privileges vulnerability that can be exploited to gain higher pri...

6.7CVSS6.8AI score0.00892EPSS
CVE
CVE
added 2018/07/11 12:0 a.m.94 views

CVE-2018-8232

The CVE-2018-8232 entry refers to a Tampering vulnerability in Microsoft Macro Assembler within Microsoft Visual Studio. The root cause, as documented by multiple sources, is improper validation of code in Macro Assembler, with Microsoft’s security updates addressing the issue by ensuring proper ...

7.8CVSS7.5AI score0.01085EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.90 views

CVE-2020-0900

CVE-2020-0900 describes an elevation of privilege vulnerability in the Visual Studio Extension Installer Service caused by improper handling of file operations. An attacker with local access could log on and run a specially crafted application to exploit this flaw. Microsoft’s MSRC advisory and t...

5.5CVSS6.8AI score0.0076EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.90 views

CVE-2025-21206

The CVE-2025-21206 issue concerns the Visual Studio installers with an elevation-of-privilege vulnerability. A concrete root cause mentioned in connected PT-2025-6298 is an uncontrolled search path element affecting the Visual Studio Installer, which could allow a local attacker to gain higher pr...

7.3CVSS7.4AI score0.00676EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.89 views

CVE-2020-0884

CVE-2020-0884 describes a spoofing vulnerability in Microsoft Visual Studio where a reply URL is not secured by SSL. An attacker who exploits this could compromise access tokens used during development workflows (e.g., when working with an Outlook Web Add-in) and thereby gain security/privacy ris...

4.3CVSS4.9AI score0.01629EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.87 views

CVE-2019-0546

CVE-2019-0546 is a Visual Studio Remote Code Execution vulnerability tied to the C++ compiler handling certain constructs. Affected product families include Microsoft Visual Studio (listed variants from OpenVAS/CIRCL/CNVD/NVD/MSRC data). The root cause is the compiler's handling of specific C++ c...

9.3CVSS7.8AI score0.16113EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.86 views

CVE-2025-49739

CVE-2025-49739: Visual Studio elevation of privilege due to improper link resolution before file access ("link following"). The issue could allow a network-access attacker to elevate privileges on a affected machine. Connected sources indicate this CVE has public exploits (per Kaspersky entry in ...

8.8CVSS6.5AI score0.00771EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.82 views

CVE-2025-32703

CVE-2025-32703 (Visual Studio) is an information-disclosure vulnerability caused by insufficient granularity of access control in Visual Studio, enabling an authorized, local attacker to disclose information. The vulnerability affects multiple Visual Studio releases (2017 15.x, 2019 16.x, 2022 17...

5.5CVSS6.7AI score0.00425EPSS
CVE
CVE
added 2019/11/12 6:53 p.m.80 views

CVE-2019-1425

CVE-2019-1425 (Visual Studio Elevation of Privilege Vulnerability) : The issue arises when Visual Studio fails to properly validate hardlinks during extraction of archived files. Root cause is improper hardlink validation introduced via npm-packages (tar and fstream) used by Visual Studio. Exploi...

6.5CVSS6.4AI score0.03116EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.37 views

CVE-2025-55240

CVE-2025-55240 is a Visual Studio elevation-of-privilege issue described as an improper access control that lets an authorized attacker escalate to full local privileges. CVSS indicates local attack, low attack complexity, required low privileges, and user interaction, with high impact on confide...

7.3CVSS6.5AI score0.00343EPSS
Total number of security vulnerabilities92