Visual Studio 2019 Security Vulnerabilities and Issues — Page 2 of Visual Studio 2019 CVE List

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

6.1CVSS6.1AI score0.0029EPSS

CVE•added 2022/01/11 9:15 p.m.•151 views

CVE-2022-21871

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

7.8CVSS8AI score0.00379EPSS

CVE•added 2019/07/15 7:15 p.m.•142 views

CVE-2019-1077

An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.

6.6CVSS6.6AI score0.00959EPSS

CVE•added 2020/08/17 7:15 p.m.•142 views

CVE-2020-1597

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.A remote...

7.5CVSS7.3AI score0.08489EPSS

CVE•added 2023/04/11 9:15 p.m.•142 views

CVE-2023-28296

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01043EPSS

CVE•added 2019/05/16 7:29 p.m.•141 views

CVE-2019-0727

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, ...

7.8CVSS7.3AI score0.00327EPSS

CVE•added 2021/02/25 11:15 p.m.•138 views

CVE-2021-1639

Visual Studio Code Remote Code Execution Vulnerability

7.8CVSS7AI score0.01254EPSS

CVE•added 2019/09/11 10:15 p.m.•134 views

CVE-2019-1232

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.

7.8CVSS8AI score0.0037EPSS

CVE•added 2020/12/10 12:15 a.m.•134 views

CVE-2020-17156

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.06667EPSS

CVE•added 2022/08/09 8:15 p.m.•134 views

CVE-2022-35777

Visual Studio Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.00224EPSS

CVE•added 2023/06/14 12:15 a.m.•133 views

CVE-2023-33139

Visual Studio Information Disclosure Vulnerability

5.5CVSS5.5AI score0.01135EPSS

CVE•added 2023/02/14 9:15 p.m.•132 views

CVE-2023-23381

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00146EPSS

CVE•added 2025/01/14 6:15 p.m.•132 views

CVE-2025-21178

Visual Studio Remote Code Execution Vulnerability

8.8CVSS9AI score0.00596EPSS

CVE•added 2021/05/11 7:15 p.m.•130 views

CVE-2021-27068

Visual Studio Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.07694EPSS

CVE•added 2023/04/11 9:15 p.m.•127 views

CVE-2023-28262

Visual Studio Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00183EPSS

CVE•added 2020/09/11 5:15 p.m.•122 views

CVE-2020-1133

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a specially cra...

7.8CVSS6.7AI score0.00763EPSS

CVE•added 2022/08/09 8:15 p.m.•119 views

CVE-2022-35825

Visual Studio Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.02955EPSS

CVE•added 2020/09/11 5:15 p.m.•118 views

CVE-2020-16856

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an atta...

9.3CVSS7.9AI score0.05443EPSS

CVE•added 2020/09/11 5:15 p.m.•115 views

CVE-2020-1130

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a specially cra...

7.8CVSS7.2AI score0.00694EPSS

CVE•added 2020/05/21 11:15 p.m.•114 views

CVE-2020-1161

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

7.5CVSS7.3AI score0.03721EPSS

CVE•added 2022/08/09 8:15 p.m.•114 views

CVE-2022-35826

Visual Studio Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.03409EPSS

CVE•added 2024/07/09 5:15 p.m.•114 views

CVE-2024-35272

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8CVSS9AI score0.02955EPSS

CVE•added 2020/06/09 8:15 p.m.•112 views

CVE-2020-1202

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.

7.8CVSS8AI score0.00549EPSS

CVE•added 2023/02/14 9:15 p.m.•112 views

CVE-2023-21566

Visual Studio Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00627EPSS

CVE•added 2021/01/12 8:15 p.m.•111 views

CVE-2021-1651

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00462EPSS

CVE•added 2020/03/12 4:15 p.m.•110 views

CVE-2020-0810

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially cr...

7.8CVSS8.6AI score0.00404EPSS

CVE•added 2021/04/13 8:15 p.m.•110 views

CVE-2021-28321

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.01106EPSS

CVE•added 2021/12/15 3:15 p.m.•109 views

CVE-2021-43877

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

8.8CVSS8.1AI score0.00732EPSS

CVE•added 2020/07/14 11:15 p.m.•107 views

CVE-2020-1393

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.

7.8CVSS8AI score0.00709EPSS

CVE•added 2021/01/12 8:15 p.m.•104 views

CVE-2021-1680

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00347EPSS

CVE•added 2021/04/13 8:15 p.m.•104 views

CVE-2021-28313

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00674EPSS

CVE•added 2020/09/11 5:15 p.m.•103 views

CVE-2020-16874

9.3CVSS7.9AI score0.12146EPSS