Lucene search: Microsoft Visual Studio 2019

118 matches found

added 2020/07/14 10:54 p.m., 1386 views

CVE-2020-1147

CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...

CVSS 7.8 | AI score 8.1 | EPSS 0.94243
In wild, Web

added 2023/09/12 4:58 p.m., 544 views

CVE-2023-36792

CVE-2023-36792 is a Windows-only Visual Studio/.NET remote code execution vulnerability. Root cause: Microsoft.DiaSymReader.Native.amd64.dll mishandles corrupted PDB files, enabling RCE. Affected: .NET 6.0 and .NET 7.0 runtimes (applications) prior to patched versions. Patched versions: .NET 6.0....

CVSS 7.8 | AI score 7.9 | EPSS 0.01441

added 2023/09/12 4:58 p.m., 541 views

CVE-2023-36793

CVE-2023-36793 is a Microsoft .NET/Visual Studio remote code execution vulnerability. It stems from Microsoft.DiaSymReader.Native.amd64.dll reading a corrupted PDB file, affecting Windows systems. Affected: .NET 7.0 up to 7.0.10 and .NET 6.0 up to 6.0.21. Patched versions: .NET 7.0.11 and .NET 6....

CVSS 7.8 | AI score 7.9 | EPSS 0.01441

added 2023/09/12 4:58 p.m., 540 views

CVE-2023-36796

CVE-2023-36796 is a .NET Framework RCE vulnerability in DiaSymReader.dll triggered when reading a corrupted PDB file. It affects .NET Framework 3.5 and 4.8.1 on Windows Server/Windows OS configurations described in KB5029918. Mitigation: apply the corresponding cumulative update (KB5029918) or th...

CVSS 7.8 | AI score 7.9 | EPSS 0.01441

added 2023/09/12 4:58 p.m., 536 views

CVE-2023-36794

CVE-2023-36794 is a Visual Studio/.NET remote code execution vulnerability. Affects Windows applications using Microsoft.DiaSymReader.Native.amd64.dll when reading corrupted PDB files, potentially enabling code execution. Affected: .NET 6.0 and .NET 7.0 runtimes and Visual Studio environments; pa...

CVSS 7.8 | AI score 7.9 | EPSS 0.01441

added 2020/09/15 9:15 a.m., 501 views

CVE-2020-8927

CVE-2020-8927 is a buffer overflow in the Brotli library prior to 1.0.8 triggered by oversized one-shot decompression requests (copying chunks > 2 GiB), which can crash a target process. Affected: Brotli up to 1.0.7/older builds used by various ecosystems. Root cause: unsafe handling of input ...

CVSS 6.5 | AI score 6.6 | EPSS 0.03217

added 2025/01/14 6:4 p.m., 490 views

CVE-2025-21172

CVE-2025-21172 is a Microsoft .NET/Visual Studio remote code execution vulnerability. The linked CVE record notes the root cause as an integer overflow and a heap-based overflow in msdia140.dll, yielding a high-impact remote code execution scenario over network; exploitation status is not detaile...

CVSS 7.5 | AI score 7.8 | EPSS 0.01764

added 2021/02/25 11:2 p.m., 449 views

CVE-2021-26701

Technical details about CVE-2021-26701 are not publicly provided in the connected documents. No affected products, versions, or remediation are specified here. Monitor for official advisories and updates.

CVSS 9.8 | AI score 8.5 | EPSS 0.30315

added 2023/09/12 4:58 p.m., 425 views

CVE-2023-36759

CVE-2023-36759 is a Visual Studio elevation-of-privilege vulnerability. The available data indicate a LOCAL attack with HIGH impact to confidentiality, integrity, and availability, requiring user interaction and with LOW privileges needed. Affected software spans Microsoft Visual Studio family (i...

CVSS 6.7 | AI score 6.7 | EPSS 0.00527

added 2022/03/09 5:8 p.m., 377 views

CVE-2022-24512

CVE-2022-24512 is an RCE in .NET that affects .NET 6.0, .NET 5.0, and .NET Core 3.1 due to a stack buffer overrun in the Double Parse routine. An attacker could exploit it by sending a specially crafted request over the network to execute code on the target. Remediation per connected docs: upgrad...

CVSS 6.8 | AI score 7.2 | EPSS 0.01556

added 2024/10/08 5:36 p.m., 371 views

CVE-2024-43590

CVE-2024-43590 is a local elevation-of-privilege vulnerability in the Visual C++ Redistributable Installer. A local attacker with Low privileges could exploit this (UI: none) to gain High confidentiality, integrity, and availability impact, with the attack vector being local and requiring Low pri...

CVSS 7.8 | AI score 7.8 | EPSS 0.00426

added 2022/05/10 8:33 p.m., 353 views

CVE-2022-23267

CVE-2022-23267 is a .NET Denial of Service vulnerability. The connected sources describe a DoS arising from a crafted HttpClient request that can exhaust memory and impact .NET/ASP.NET/Visual Studio environments. The IBM RPA bulletin lists CVE-2022-23267 as part of multiple vulnerabilities with r...

CVSS 7.5 | AI score 7.5 | EPSS 0.04935

added 2022/05/10 8:34 p.m., 347 views

CVE-2022-29117

CVE-2022-29117 is described as a denial-of-service vulnerability in Microsoft ASP.NET and Visual Studio. The entry notes a network-exploit path with no authentication required, leading to an availability impact (CVE-2022-29117) with CVSS v3.1 base score 7.5 (HIGH) and CVSS v2.0 base score 5.0 (PA...

CVSS 7.5 | AI score 7.5 | EPSS 0.04608

added 2024/04/09 5:0 p.m., 347 views

CVE-2024-28929

CVE-2024-28929 affects the Microsoft ODBC Driver for SQL Server. Public advisories and update docs show a remote code execution vulnerability in the ODBC driver family, with attackers potentially bypassing authentication and executing arbitrary commands. Remediation is to install the security upd...

CVSS 8.8 | AI score 9 | EPSS 0.02399

added 2023/02/14 8:9 p.m., 310 views

CVE-2023-21808

CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...

CVSS 7.8 | AI score 7.9 | EPSS 0.01148

added 2021/02/25 11:1 p.m., 308 views

CVE-2021-24112

CVE-2021-24112 is a .NET Core remote-code-execution vulnerability that arises when parsing certain graphics inputs (notably involving libgdiplus) on non-Windows systems (macOS/Linux). Public documents describe exploitation leading to arbitrary code execution and provide concrete remediation paths...

CVSS 9.8 | AI score 9.1 | EPSS 0.0327

added 2022/05/10 8:34 p.m., 294 views

CVE-2022-29145

CVE-2022-29145 is a .NET denial-of-service vulnerability. The GitHub advisory (GHSA-fcg8-mg9g-6hc4) states exploitation via parsing HTML forms can cause DoS in .NET 6.0, .NET 5.0, and .NET Core 3.1. Affected versions include .NET Core 3.1 (3.1.24 and earlier), .NET 5.0 (5.0.16 and earlier), and ....

CVSS 7.5 | AI score 7.5 | EPSS 0.04663

added 2020/01/24 8:50 p.m., 275 views

CVE-2019-1352

CVE-2019-1352 is a remote code execution vulnerability described as arising when Git for Visual Studio improperly sanitizes input. The connected Astra Linux advisory notes a libgit2-based issue (path.c handling of NTFS Alternate Data Streams) that is similar to CVE-2019-1352, and other advisories...

CVSS 9.3 | AI score 9.2 | EPSS 0.24014

added 2022/03/09 5:7 p.m., 275 views

CVE-2022-24464

CVE-2022-24464 is a denial-of-service vulnerability affecting Microsoft ASP.NET Core and Visual Studio components. Multiple connected sources describe a DoS condition triggered by certain inputs, with public scoring indicating a high impact (CVSSv3.1: 7.5, network attack, no authentication, avail...

CVSS 7.5 | AI score 7.5 | EPSS 0.03228

added 2020/01/24 8:50 p.m., 273 views

CVE-2019-1349

CVE-2019-1349 concerns a remote code execution vulnerability in Git for Visual Studio caused by improper input sanitization. The connected documents corroborate that this CVE is distinct from other CVEs in the same family and tie the issue to Git for Visual Studio, noting an impact of remote code...

CVSS 9.3 | AI score 9.2 | EPSS 0.34007

added 2023/08/08 5:8 p.m., 273 views

CVE-2023-36897

CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...

CVSS 8.1 | AI score 7 | EPSS 0.01603

added 2024/04/09 5:0 p.m., 272 views

CVE-2024-28931

CVE-2024-28931 affects the Microsoft ODBC Driver for SQL Server. The vulnerability enables remote code execution with network access and requires no privileges, with user interaction reportedly involved per CVSS metrics. The CVE is addressed by updates across ODBC Driver versions; example fixes i...

CVSS 8.8 | AI score 9 | EPSS 0.02415

added 2022/08/09 8:12 p.m., 265 views

CVE-2022-35827

CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...

CVSS 8.8 | AI score 8.8 | EPSS 0.01779

added 2023/06/14 2:52 p.m., 264 views

CVE-2023-24897

CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...

CVSS 7.8 | AI score 7.9 | EPSS 0.01184

added 2022/04/15 7:3 p.m., 260 views

CVE-2022-24513

CVE-2022-24513 is a Visual Studio elevation-of-privilege vulnerability with a LOCAL attack vector, exploitation requiring LOW privileges, and HIGH impact on confidentiality, integrity, and availability per CVSSv3. Connected sources confirm this CVE is discussed in Microsoft advisories and securit...

CVSS 7.8 | AI score 7.6 | EPSS 0.00753

added 2020/05/21 10:53 p.m., 252 views

CVE-2020-1108

CVE-2020-1108 affects Microsoft .NET Core and .NET Framework; a denial-of-service can be caused by improper handling of incoming web requests. The IBM security bulletin (referencing IBM X-Force) lists a base score of 7.5 (HIGH) and notes the vulnerability affects IBM Robotic Process Automation pr...

CVSS 7.5 | AI score 7.3 | EPSS 0.11684

added 2024/04/09 5:1 p.m., 250 views

CVE-2024-28930

CVE-2024-28930 affects the Microsoft ODBC Driver for SQL Server. The vulnerability is a remote code execution issue in the ODBC driver components that can be exploited over a network with no privileges and requires user interaction (per CVSS metrics in the initial document). The linked updates co...

CVSS 8.8 | AI score 9 | EPSS 0.02356

added 2024/01/09 5:57 p.m., 247 views

CVE-2024-20656

CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...

CVSS 7.8 | AI score 7.6 | EPSS 0.03913

added 2022/06/15 9:52 p.m., 245 views

CVE-2022-30184

CVE-2022-30184 is a .NET/Visual Studio information-disclosure vulnerability. Connected sources confirm it targets Microsoft software via improper input validation, enabling a local attacker to obtain sensitive information when processing crafted content. The CVSSv3.1 base score is 5.5 (AV:L/AC:L/...

CVSS 5.5 | AI score 5.3 | EPSS 0.05327

added 2024/04/09 5:1 p.m., 244 views

CVE-2024-28937

CVE-2024-28937 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected documentation confirms the issue affects the Microsoft ODBC Driver for SQL Server and is addressed by updates in the April 2024 security releases. The issue is exploitable over a network...

CVSS 8.8 | AI score 9 | EPSS 0.0233

added 2024/04/09 5:1 p.m., 238 views

CVE-2024-28933

CVE-2024-28933 is a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected sources confirm an in-the-wild risk surfaced by the ODBC driver family (drivers v17 and v18) used with SQL Server clients. The issue is described as a remote code execution vulnerability...

CVSS 8.8 | AI score 9 | EPSS 0.02415

added 2020/10/07 3:50 p.m., 237 views

CVE-2020-26870

CVE-2020-26870 affects DOMPurify up to 2.0.16/2.0.17, where a serialize-parse roundtrip can alter the DOM (namespace changes HTML→MathML, e.g., nesting FORM elements), enabling a mutation XSS. The issue is documented by Cure53 and linked analyses; a fix was released with DOMPurify 2.0.17. Related...

CVSS 6.1 | AI score 6.1 | EPSS 0.04881

added 2020/01/24 8:50 p.m., 235 views

CVE-2019-1354

Technical details for CVE-2019-1354 are not publicly provided in the supplied documents; monitor for updates.

CVSS 9.3 | AI score 9.2 | EPSS 0.22427

added 2024/04/09 5:0 p.m., 228 views

CVE-2024-28936

CVE-2024-28936: A Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affects the Microsoft ODBC Driver for SQL Server components; the issue is fixed by Microsoft in April 2024 security updates for SQL Server ODBC Driver 17.x (e.g., 17.10.6.1) and 18.x (e.g., 18.3.3.1...

CVSS 8.8 | AI score 9 | EPSS 0.02415

added 2020/07/14 10:54 p.m., 227 views

CVE-2020-1416

CVE-2020-1416 is the Visual Studio and Visual Studio Code Elevation of Privilege vulnerability. The issue arises when these products load software dependencies, allowing a local attacker who can plant malicious content to execute arbitrary code with the user’s privileges. Microsoft’s advisory sta...

CVSS 9.3 | AI score 8.7 | EPSS 0.05862

added 2022/10/11 12:0 a.m., 224 views

CVE-2022-41032

IBM Robotic Process Automation for Cloud Pak is affected by CVE-2022-41032 (Microsoft NuGet Client elevation of privilege). The advisory links this vulnerability to the base container images and recommends updating IBM RPA for Cloud Pak to 21.0.6 or higher to remediate. The bulletin lists CVE-202...

CVSS 7.8 | AI score 7.8 | EPSS 0.01057

added 2021/10/13 12:28 a.m., 221 views

CVE-2021-41355

CVE-2021-41355 is discussed across connected advisories, with concrete detail from MiracleLinux AXSA-2021-2473:12: dotnet5.0-5.0.208-1.el8.ML.1 is affected and the vulnerability is that System.DirectoryServices.Protocols.LdapConnection can transmit credentials in plaintext if the TLS handshake fa...

CVSS 5.7 | AI score 5.5 | EPSS 0.20342

added 2021/08/12 6:11 p.m., 219 views

CVE-2021-26423

CVE-2021-26423 is a .NET Core/ASP.NET DoS vulnerability described as a denial of service in WebSocket frame processing. The primary documentation identifies affected software as .NET Core and Visual Studio (Denial of Service Vulnerability) with network-based exposure and low attack complexity. Co...

CVSS 7.5 | AI score 7.4 | EPSS 0.03858

added 2020/01/24 8:50 p.m., 217 views

CVE-2019-1350

Technical details about CVE-2019-1350 are not publicly available in the provided documents. Monitor for updates and forthcoming advisories.

CVSS 9.3 | AI score 9.2 | EPSS 0.25666

added 2021/08/12 6:11 p.m., 216 views

CVE-2021-34485

CVE-2021-34485 is a .NET Core information disclosure vulnerability. The root cause is that crash-dump files created by the tool (for crash dumps and on-demand dumps) could be written with world-readable permissions on Linux/macOS, enabling local attackers to read sensitive dump data. Affected sof...

CVSS 5.5 | AI score 5.8 | EPSS 0.01265

added 2022/09/13 12:0 a.m., 216 views

CVE-2022-38013

CVE-2022-38013 is a .NET Denial of Service vulnerability affecting .NET Core and related components across multiple Linux distributions. The connected documents reference updates and security fixes for various package families (e.g., ALT Linux packages dotnet-bootstrap, dotnet-aspnetcore, dotnet-...

CVSS 7.5 | AI score 7.5 | EPSS 0.03074

added 2023/04/11 7:13 p.m., 216 views

CVE-2023-28299

CVE-2023-28299 is the Visual Studio Spoofing Vulnerability. Connected sources indicate this affects Microsoft Visual Studio tooling and related components, with the NCSC entry mapping CVE-2023-28299 to an impersonation (spoofing) impact and noting PoCs exist for several related CVEs. The vulnerab...

CVSS 5.5 | AI score 5.8 | EPSS 0.00543

added 2023/11/14 5:57 p.m., 207 views

CVE-2023-36042

CVE-2023-36042 is a Microsoft .NET Framework-related Denial of Service vulnerability. Connected sources show that multiple monthly security updates (KB5034276/KB5034274/KB5034275/KB5033920–KB5033910 family) address this issue across Windows 10/11, Azure Stack HCI, and server variants by applying ...

CVSS 6.2 | AI score 6 | EPSS 0.00787

added 2022/04/12 5:51 p.m., 206 views

CVE-2022-24767

CVE-2022-24767 affects Git for Windows prior to 2.35.2, where the uninstaller is vulnerable to DLL hijacking when executed under the SYSTEM account. Root cause: uninstaller loads a malicious DLL from a user-writable path, enabling potential arbitrary code execution or compromise of the host as de...

CVSS 7.8 | AI score 7.6 | EPSS 0.01403

added 2021/05/11 7:11 p.m., 205 views

CVE-2021-31204

CVE-2021-31204 affects .NET Core/.NET 5.x components. Multiple connected advisories describe an elevation-of-privilege vulnerability in .NET 5.0 and .NET Core 3.1 when a user runs a single-file application on Linux/macOS, allowing privilege escalation. Upstream fixes exist: Runtime/SDK updates to...

CVSS 7.8 | AI score 7.3 | EPSS 0.01397

added 2022/02/09 4:36 p.m., 204 views

CVE-2022-21986

CVE-2022-21986 is a .NET Denial of Service vulnerability in the Kestrel web server. The issue arises when processing certain HTTP/2 and HTTP/3 requests, enabling remote network-based DoS with low attack complexity. Affected products include .NET 6.0 up to 6.0.1 and .NET 5.0 up to 5.0.13. Remediat...

CVSS 7.5 | AI score 7.5 | EPSS 0.03739

added 2024/04/09 5:1 p.m., 204 views

CVE-2024-28934

CVE-2024-28934 refers to a remote code execution vulnerability in the Microsoft ODBC Driver for SQL Server. The connected MS update advisories confirm fixes in the ODBC Driver components: Driver 17 (SQL Server ODBC Driver 17) updated to build 17.10.6.1 and Driver 18 updated to build 18.3.3.1, add...

CVSS 8.8 | AI score 9 | EPSS 0.02415

added 2021/08/12 6:12 p.m., 202 views

CVE-2021-34532

Technical details for CVE-2021-34532 are not publicly provided in the supplied documents. Monitor for updates from the referenced advisories and vendor security guidance.

CVSS 5.5 | AI score 6.2 | EPSS 0.01121

added 2020/01/24 8:50 p.m., 200 views

CVE-2019-1351

CVE-2019-1351 refers to a tampering vulnerability in Git for Visual Studio, caused by improper handling of virtual drive paths. The available documents explicitly identify the issue as a tampering vulnerability and name the affected component, but they do not provide exploit details, affected ver...

CVSS 7.5 | AI score 8.3 | EPSS 0.08718

added 2021/06/08 10:46 p.m., 198 views

CVE-2021-31957

The CVE-2021-31957 issue is an ASP.NET Core Denial of Service vulnerability. It affects ASP.NET Core apps when handling client disconnects, allowing remote attackers to trigger a DoS without authentication. Affected platforms include .NET 5.0 and .NET Core 3.1 runtimes. The advisory states that e...

CVSS 7.5 | AI score 6 | EPSS 0.05138

Total number of security vulnerabilities: 118