92 matches found
CVE-2020-1161
CVE-2020-1161 is a denial-of-service vulnerability in ASP.NET Core where improper handling of web requests can trigger a DoS. It is referenced in multiple advisories (e.g., RHSA-2020:2250 and ELSA-2020-2250) as part of the .NET Core DoS fixes. The connected Red Hat advisories indicate the remedia...
CVE-2020-1133
Technical details about CVE-2020-1133 are not publicly provided in the connected documents. Available sources mention Diagnostics Hub Standard Collector and the fix, but no affected versions, exploit specifics, or mitigation steps are given. Monitor for updates.
CVE-2020-1130
CVE-2020-1130 affects the Diagnostics Hub Standard Collector. The issue is an elevation of privilege in the collector’s data handling, enabling a crafted local application to run processes in an elevated context. The vulnerability is addressed by updating how the Diagnostics Hub Standard Collecto...
CVE-2022-35825
Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.
CVE-2018-8599
CVE-2018-8599 is the Diagnostics Hub Standard Collector Service Elevation of Privilege vulnerability. The NVD entry states a local attacker could exploit improper impersonation of certain file operations to gain privileges on affected Microsoft software, including Visual Studio, Windows Server 20...
CVE-2023-21566
CVE-2023-21566 is a Visual Studio elevation-of-privilege vulnerability. The linked documents describe insufficient access restrictions in Visual Studio that can allow a local attacker with low privileges to escalate to higher privileges (obtaining increased entitlements). Exploitation is local an...
CVE-2020-1202
CVE-2020-1202 affects Diagnostics Hub Standard Collector or Visual Studio Standard Collector. Root cause: improper handling of memory objects leading to elevation of privilege. Impact: local elevation of privileges if exploited; CVSS data in the Initial document indicates HIGH severity. Exploitat...
CVE-2020-16874
CVE-2020-16874 is a Visual Studio remote code execution vulnerability caused by improper handling of objects in memory. Exploitation requires a user to open a specially crafted file, potentially allowing arbitrary code execution in the current user context with Administrative rights. Microsoft an...
CVE-2021-28321
CVE-2021-28321 is a elevation-of-privilege issue in the Diagnostics Hub Standard Collector Service. The NVD entry lists a local, low-attack‑complexity vector with no authentication, achieving high impact on confidentiality, integrity, and availability (CVSS‑3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:...
CVE-2020-0810
CVE-2020-0810 affects the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector on Windows. The root cause is an elevation of privilege vulnerability allowing file creation in arbitrary locations, exploitable by a logged-on attacker who runs a crafted application; this could...
CVE-2020-1393
Summary: CVE-2020-1393 is an elevation of privilege in Windows Diagnostics Hub related to the Standard Collector Service failing to sanitize input, causing insecure library loading. The root cause is input validation/sanitization weaknesses leading to loading of untrusted libraries. This CVE is r...
CVE-2021-28313
Technical details about CVE-2021-28313 are not publicly provided in the supplied documents. Monitor for updates from NVD, MSRC, and vendor advisories for affected components and fixes.
CVE-2021-26434
CVE-2021-26434 is a Visual Studio local privilege escalation. The issue arises during installation of Game development with C++/Unreal Engine workload, where the installer creates a directory with write permissions for all users, enabling LPE. Affected products include various Visual Studio versi...
CVE-2021-1680
Technical details about CVE-2021-1680 are not publicly available in the provided connected documents. Monitor for updates for affected product, root cause, impact, and remediation information.
CVE-2021-28322
Technical details about CVE-2021-28322 are not publicly provided in the supplied documents. No affected products, exploit information, or fixes are described here. Monitor for updates from the referenced advisories and vulnerability feeds.
CVE-2018-1037
CVE-2018-1037 affects Microsoft Visual Studio family. The vulnerability is an information disclosure caused by improper handling of uninitialized memory when compiling Program Database (PDB) files, allowing disclosure of limited memory contents. The NVD entry lists CVSSv3 base score 4.3 (Medium),...
CVE-2019-0809
CVE-2019-0809 affects the Visual Studio C++ Redistributable Installer. The vulnerability arises from improper validation of input before loading DLLs, enabling remote code execution in the context of the current user. Exploitation requires the attacker to place a malicious DLL on the target syste...
CVE-2020-1257
Technical details about CVE-2020-1257 are not provided in the connected documents. Public aliases, affected components, impact or fixes are not specified here; monitor for authoritative updates.
CVE-2020-1293
CVE-2020-1293 is an Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector Service where file operations are mishandled. The connected AVLeonarov item places CVE-2020-1293 under Diagnostics Hub Standard Collector EOP and lists it alongside CVE-2020-1257 and CVE-2020-1278, but ...
CVE-2021-36952
The linked Nessus entry for CVE-2021-36952 identifies Visual Studio as affected, describing a local, memory-handling vulnerability that an unauthenticated attacker can exploit to bypass authentication and execute arbitrary commands. This is stated as a Visual Studio code-execution issue caused by...
CVE-2020-1203
CVE-2020-1203 is an elevation of privilege affecting the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, caused by improper handling of memory in affected objects. The description notes this CVE is distinct from CVE-2020-1202 and does not provide explicit affected ver...
CVE-2024-43603
CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...
CVE-2021-27064
CVE-2021-27064 is a local elevation-of-privilege vulnerability in the Microsoft Visual Studio Installer component. The CVSS details (CVSS:3.1) indicate a LOCAL, LOW-PRIVILEGE exploitation with no user interaction, leading to HIGH confidentiality, integrity, and availability impact if exploited, t...
CVE-2022-41119
CVE-2022-41119 concerns Microsoft Visual Studio Remote Code Execution. Connected sources describe it as a Visual Studio vulnerability leading to arbitrary code execution, attributed to insufficient input validation in Visual Studio and affecting multiple VS versions (including 2017/2019 and 2022 ...
CVE-2020-17100
CVE-2020-17100 is a Visual Studio tampering vulnerability with a Local access vector and a Medium impact entry (I:H, other impacts N). The connected sources confirm this vulnerability affects Microsoft Developer Tools including Visual Studio and related tooling, enabling spoofing of the user inte...
CVE-2020-1278
CVE-2020-1278 relates to an elevation of privilege in the Diagnostics Hub Standard Collector Service due to improper file operations. The vulnerability enables local privilege elevation, as the service handles files in a way that can be exploited by an authenticated attacker with access to the sy...
CVE-2020-0793
CVE-2020-0793 is an elevation-of-privilege vulnerability affecting the Diagnostics Hub Standard Collector Service, where improper handling of file operations enables local attacker exploitation. The CVSSv3.1 vector indicates LOCAL access, LOW attack complexity, LOW privileges required, and NONE u...
CVE-2020-0899
CVE-2020-0899 describes an elevation of privilege in Microsoft Visual Studio updater service caused by improper handling of file permissions. An attacker who can log on to the system and exploit this flaw could write/overwrite files in the security context of the local system, potentially leading...
CVE-2021-42319
CVE-2021-42319 corresponds to a Visual Studio elevation-of-privilege vulnerability. Publicly referenced details indicate local, low-complexity access with user rights required for exploitation, resulting in privilege escalation and, per sources, high impact on availability. NVD metrics show CVSSv...
CVE-2023-21567
CVE-2023-21567 is a Microsoft Visual Studio denial-of-service vulnerability. Connected sources confirm it affects Visual Studio and related developer tools, with CVSSv3.1 base score 5.6 (Medium) and a local attack vector requiring user interaction. Public documents describe a DoS impact and list ...
CVE-2019-1211
CVE-2019-1211 is an elevation of privilege vulnerability in Git for Visual Studio stemming from improper parsing of Git configuration files. The authenticated attacker could modify configuration files before full installation and then convince another user to run specific Git commands, executing ...
CVE-2025-24998
CVE-2025-24998 is an Elevation of Privilege vulnerability in Visual Studio caused by an Uncontrolled search path element. A local attacker with low privileges and user interaction can potentially escalate to higher privileges. CVSSv3 base score 7.3 (HIGH); impact on confidentiality, integrity, an...
CVE-2024-29060
CVE-2024-29060 is an elevation of privilege vulnerability in Microsoft Visual Studio family. The CVE affects multiple VS versions (e.g., Visual Studio 2017–2022 lineups) with a root cause described across sources as an elevation of privileges vulnerability that can be exploited to gain higher pri...
CVE-2018-8232
The CVE-2018-8232 entry refers to a Tampering vulnerability in Microsoft Macro Assembler within Microsoft Visual Studio. The root cause, as documented by multiple sources, is improper validation of code in Macro Assembler, with Microsoft’s security updates addressing the issue by ensuring proper ...
CVE-2020-0900
CVE-2020-0900 describes an elevation of privilege vulnerability in the Visual Studio Extension Installer Service caused by improper handling of file operations. An attacker with local access could log on and run a specially crafted application to exploit this flaw. Microsoft’s MSRC advisory and t...
CVE-2025-21206
The CVE-2025-21206 issue concerns the Visual Studio installers with an elevation-of-privilege vulnerability. A concrete root cause mentioned in connected PT-2025-6298 is an uncontrolled search path element affecting the Visual Studio Installer, which could allow a local attacker to gain higher pr...
CVE-2020-0884
CVE-2020-0884 describes a spoofing vulnerability in Microsoft Visual Studio where a reply URL is not secured by SSL. An attacker who exploits this could compromise access tokens used during development workflows (e.g., when working with an Outlook Web Add-in) and thereby gain security/privacy ris...
CVE-2019-0546
CVE-2019-0546 is a Visual Studio Remote Code Execution vulnerability tied to the C++ compiler handling certain constructs. Affected product families include Microsoft Visual Studio (listed variants from OpenVAS/CIRCL/CNVD/NVD/MSRC data). The root cause is the compiler's handling of specific C++ c...
CVE-2025-49739
CVE-2025-49739: Visual Studio elevation of privilege due to improper link resolution before file access ("link following"). The issue could allow a network-access attacker to elevate privileges on a affected machine. Connected sources indicate this CVE has public exploits (per Kaspersky entry in ...
CVE-2025-32703
CVE-2025-32703 (Visual Studio) is an information-disclosure vulnerability caused by insufficient granularity of access control in Visual Studio, enabling an authorized, local attacker to disclose information. The vulnerability affects multiple Visual Studio releases (2017 15.x, 2019 16.x, 2022 17...
CVE-2019-1425
CVE-2019-1425 (Visual Studio Elevation of Privilege Vulnerability) : The issue arises when Visual Studio fails to properly validate hardlinks during extraction of archived files. Root cause is improper hardlink validation introduced via npm-packages (tar and fstream) used by Visual Studio. Exploi...
CVE-2025-55240
CVE-2025-55240 is a Visual Studio elevation-of-privilege issue described as an improper access control that lets an authorized attacker escalate to full local privileges. CVSS indicates local attack, low attack complexity, required low privileges, and user interaction, with high impact on confide...