118 matches found
CVE-2024-28932
CVE-2024-28932 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. Connected sources confirm the issue affects the ODBC Driver family and is addressed by Microsoft security updates. Specifically, security updates KB5037570/KB5037571 cover ODBC Driver 17 for SQL Serve...
CVE-2021-42277
Technical details about CVE-2021-42277 are not provided in the connected documents; only generic vulnerability labels and references are available. Monitor for official advisories or CVE records for affected products, fixes, and mitigations.
CVE-2021-1723
CVE-2021-1723 is an ASP.NET Core/dotnet-denial-of-service issue related to the HTTP/2 path. Connected advisories cite that running callbacks outside of locks can cause a Krestel deadlock, leading to a DoS condition. Affected products include dotnet-runtime and related packages (Azure/Visual Studi...
CVE-2024-28938
CVE-2024-28938 corresponds to a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The issue affects the ODBC Driver family (notably components used by SQL Server clients) and is tied to improper handling that could permit arbitrary code execution. Microsoft has released...
CVE-2024-28935
CVE-2024-28935 pertains to the Microsoft ODBC Driver for SQL Server. It is a Remote Code Execution vulnerability in the ODBC Driver component. The public record indicates an RCE vulnerability with CVSSv3 base score 8.8 (Network, high impact, user interaction required). Microsoft’s April 2024 secu...
CVE-2021-1721
CVE-2021-1721 is a denial-of-service vulnerability in dotnet-core/.NET Core prior to 3.1.12 affecting HTTPS web requests during X509 certificate chain building. Multiple sources (Arch Linux advisories ASA-202103-17 and ASA-202103-16) describe the impact as a denial of service, with upgrade paths ...
CVE-2022-35777
CVE-2022-35777 is a Visual Studio remote code execution vulnerability affecting the VSGraphics component. Connected sources (KB/MSRC/NVD) identify it as a Fbx File parser Heap overflow vulnerability within Visual Studio product lines, with references listing affected versions (including VS 2012 U...
CVE-2022-21871
Technical details about CVE-2022-21871 are not publicly provided in the supplied documents; no affected product/version, root cause, or remediation are described here. Monitor for official disclosures and updates.
CVE-2021-1639
CVE-2021-1639 appears as a Visual Studio Code remote code execution vulnerability. Connected sources confirm Visual Studio Code is affected and note public exploits exist (Kaspersky). The documents provide high-severity impact for this CVE but do not consistently expose concrete root-cause detail...
CVE-2021-1651
Technical details about CVE-2021-1651 are not provided in the supplied documents; only the vulnerability is named. Monitor for updates from official advisories.
CVE-2023-21815
CVE-2023-21815 is a Visual Studio remote code execution vulnerability. The connected Microsoft KB entries state it exists in Visual Studio 2013 Update 5 and is caused by improper handling of debug information, enabling remote code execution. The updated security fixes (KB5026610 for VS2013 Update...
CVE-2019-1077
Summary (CVE-2019-1077): A local elevation-of-privilege flaw in the Visual Studio updater service arises from improper handling of file permissions. The vulnerability allows an attacker who can log on locally to overwrite arbitrary files with XML content in the local system security context, enab...
CVE-2019-0727
CVE-2019-0727 describes an elevation-of-privilege flaw in the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, allowing an attacker who can log on to delete files in arbitrary locations. The vulnerability is rooted in the collectors’ handling of file deletion permissio...
CVE-2023-28296
CVE-2023-28296 is a Microsoft Visual Studio remote code execution vulnerability with multiple affected products (Visual Studio 2022/2019, .NET components, and Visual Studio Code). The root cause is not explicitly detailed here, but the CVSSv3.1 scores it as a high-severity, locally exploitable is...
CVE-2020-1597
CVE-2020-1597 is a denial-of-service vulnerability in ASP.NET Core where remote, unauthenticated attackers can cause resource exhaustion by sending specially crafted web requests. The flaw stems from how ASP.NET Core handles incoming requests and is fixed by an update that corrects request handli...
CVE-2025-21178
Technical details about CVE-2025-21178 are not publicly provided in the connected documents. No affected product/version/root cause/impact are specified here. Monitor for updates from MSRC/MSKB and other sources for concrete details and patch information.
CVE-2023-33139
CVE-2023-33139 describes an Information Disclosure vulnerability in Microsoft Visual Studio, tied to the VSGraphics component. Public disclosures indicate affected VS versions range from Visual Studio 2013 Update 5 through newer updates, with MSKB entries (KB5026454/KB5026455) outlining hotfixes ...
CVE-2021-27068
CVE-2021-27068 is a Visual Studio remote code execution vulnerability. Public records confirm an in-scope vulnerability affecting Visual Studio components, allowing remote code execution with network access and low attack complexity; exploitation can lead to high impact on confidentiality, integr...
CVE-2022-35826
CVE-2022-35826 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio versions through the VSGraphics component, with Microsoft’s August 2022 updates addressing CVE-2022-35826 alongside related CVEs (e.g., 35825, 35777, 35827). The Microsoft advisories describe an...
CVE-2019-1232
CVE-2019-1232 is a local elevation-of-privilege flaw in the Diagnostics Hub Standard Collector Service. Affected: Diagnostics Hub Standard Collector Service; root cause: improper impersonation of certain file operations. Impact per sources: confidentiality, integrity, and availability are rated p...
CVE-2020-16856
CVE-2020-16856 is a Visual Studio remote code execution vulnerability. The issue arises from how Visual Studio handles objects in memory, enabling an attacker to run arbitrary code in the context of the current user. If the user runs Visual Studio with administrative rights, the attacker could ta...
CVE-2020-17156
CVE-2020-17156 is a Microsoft Visual Studio remote code execution vulnerability. Connected sources corroborate a Visual Studio/Developer Tools exposure with high-severity impact (CVSS v3.1 base 7.8) and note that an update is available from Microsoft/MSRC to fix it. Affected products include vari...
CVE-2023-23381
CVE-2023-23381 is a Visual Studio remote code execution vulnerability. Connected documents confirm this CVE is referenced in Microsoft security updates for multiple Visual Studio versions (e.g., VS2013 Update 5 and VS2015 Update 3) with patches/KB articles available (KB5026610, KB5025792). The KB...
CVE-2023-28262
CVE-2023-28262 is a Microsoft Visual Studio elevation of privilege vulnerability. Several connected sources (e.g., NCSC advisories) confirm a privilege-escalation flaw affecting multiple Visual Studio products, including various Visual Studio versions (e.g., 2017/2019/2022 lines) and Visual Studi...
CVE-2020-1161
CVE-2020-1161 is a denial-of-service vulnerability in ASP.NET Core where improper handling of web requests can trigger a DoS. It is referenced in multiple advisories (e.g., RHSA-2020:2250 and ELSA-2020-2250) as part of the .NET Core DoS fixes. The connected Red Hat advisories indicate the remedia...
CVE-2020-1133
Technical details about CVE-2020-1133 are not publicly provided in the connected documents. Available sources mention Diagnostics Hub Standard Collector and the fix, but no affected versions, exploit specifics, or mitigation steps are given. Monitor for updates.
CVE-2020-1130
CVE-2020-1130 affects the Diagnostics Hub Standard Collector. The issue is an elevation of privilege in the collector’s data handling, enabling a crafted local application to run processes in an elevated context. The vulnerability is addressed by updating how the Diagnostics Hub Standard Collecto...
CVE-2022-35825
Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.
CVE-2023-21566
CVE-2023-21566 is a Visual Studio elevation-of-privilege vulnerability. The linked documents describe insufficient access restrictions in Visual Studio that can allow a local attacker with low privileges to escalate to higher privileges (obtaining increased entitlements). Exploitation is local an...
CVE-2020-1202
CVE-2020-1202 affects Diagnostics Hub Standard Collector or Visual Studio Standard Collector. Root cause: improper handling of memory objects leading to elevation of privilege. Impact: local elevation of privileges if exploited; CVSS data in the Initial document indicates HIGH severity. Exploitat...
CVE-2021-28321
CVE-2021-28321 is a elevation-of-privilege issue in the Diagnostics Hub Standard Collector Service. The NVD entry lists a local, low-attack‑complexity vector with no authentication, achieving high impact on confidentiality, integrity, and availability (CVSS‑3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:...
CVE-2020-16874
CVE-2020-16874 is a Visual Studio remote code execution vulnerability caused by improper handling of objects in memory. Exploitation requires a user to open a specially crafted file, potentially allowing arbitrary code execution in the current user context with Administrative rights. Microsoft an...
CVE-2021-43877
CVE-2021-43877 is an elevation-of-privilege vulnerability reported for ASP.NET Core (and Visual Studio) . The primary sources in the connected documents identify it by title as an “Elevation of Privilege” issue without providing explicit technical details in the text here. NVD data in the initial...
CVE-2020-0810
CVE-2020-0810 affects the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector on Windows. The root cause is an elevation of privilege vulnerability allowing file creation in arbitrary locations, exploitable by a logged-on attacker who runs a crafted application; this could...
CVE-2020-1393
Summary: CVE-2020-1393 is an elevation of privilege in Windows Diagnostics Hub related to the Standard Collector Service failing to sanitize input, causing insecure library loading. The root cause is input validation/sanitization weaknesses leading to loading of untrusted libraries. This CVE is r...
CVE-2021-28313
Technical details about CVE-2021-28313 are not publicly provided in the supplied documents. Monitor for updates from NVD, MSRC, and vendor advisories for affected components and fixes.
CVE-2021-26434
CVE-2021-26434 is a Visual Studio local privilege escalation. The issue arises during installation of Game development with C++/Unreal Engine workload, where the installer creates a directory with write permissions for all users, enabling LPE. Affected products include various Visual Studio versi...
CVE-2020-1257
Technical details about CVE-2020-1257 are not provided in the connected documents. Public aliases, affected components, impact or fixes are not specified here; monitor for authoritative updates.
CVE-2021-1680
Technical details about CVE-2021-1680 are not publicly available in the provided connected documents. Monitor for updates for affected product, root cause, impact, and remediation information.
CVE-2021-28322
Technical details about CVE-2021-28322 are not publicly provided in the supplied documents. No affected products, exploit information, or fixes are described here. Monitor for updates from the referenced advisories and vulnerability feeds.
CVE-2020-1293
CVE-2020-1293 is an Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector Service where file operations are mishandled. The connected AVLeonarov item places CVE-2020-1293 under Diagnostics Hub Standard Collector EOP and lists it alongside CVE-2020-1257 and CVE-2020-1278, but ...
CVE-2021-36952
The linked Nessus entry for CVE-2021-36952 identifies Visual Studio as affected, describing a local, memory-handling vulnerability that an unauthenticated attacker can exploit to bypass authentication and execute arbitrary commands. This is stated as a Visual Studio code-execution issue caused by...
CVE-2020-1203
CVE-2020-1203 is an elevation of privilege affecting the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, caused by improper handling of memory in affected objects. The description notes this CVE is distinct from CVE-2020-1202 and does not provide explicit affected ver...
CVE-2024-43603
CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...
CVE-2021-27064
CVE-2021-27064 is a local elevation-of-privilege vulnerability in the Microsoft Visual Studio Installer component. The CVSS details (CVSS:3.1) indicate a LOCAL, LOW-PRIVILEGE exploitation with no user interaction, leading to HIGH confidentiality, integrity, and availability impact if exploited, t...
CVE-2022-41119
CVE-2022-41119 concerns Microsoft Visual Studio Remote Code Execution. Connected sources describe it as a Visual Studio vulnerability leading to arbitrary code execution, attributed to insufficient input validation in Visual Studio and affecting multiple VS versions (including 2017/2019 and 2022 ...
CVE-2020-17100
CVE-2020-17100 is a Visual Studio tampering vulnerability with a Local access vector and a Medium impact entry (I:H, other impacts N). The connected sources confirm this vulnerability affects Microsoft Developer Tools including Visual Studio and related tooling, enabling spoofing of the user inte...
CVE-2023-28263
CVE-2023-28263 is described as a Visual Studio Information Disclosure Vulnerability. The associated records show a Medium base score (CVSS v3.1: 5.5) with Local attack vector, Low attack complexity, Low privileges required, and a High confidentiality impact, with no explicit exploitation details ...
CVE-2020-1278
CVE-2020-1278 relates to an elevation of privilege in the Diagnostics Hub Standard Collector Service due to improper file operations. The vulnerability enables local privilege elevation, as the service handles files in a way that can be exploited by an authenticated attacker with access to the sy...
CVE-2020-0793
CVE-2020-0793 is an elevation-of-privilege vulnerability affecting the Diagnostics Hub Standard Collector Service, where improper handling of file operations enables local attacker exploitation. The CVSSv3.1 vector indicates LOCAL access, LOW attack complexity, LOW privileges required, and NONE u...