118 matches found
CVE-2020-0899
CVE-2020-0899 describes an elevation of privilege in Microsoft Visual Studio updater service caused by improper handling of file permissions. An attacker who can log on to the system and exploit this flaw could write/overwrite files in the security context of the local system, potentially leading...
CVE-2021-42319
CVE-2021-42319 corresponds to a Visual Studio elevation-of-privilege vulnerability. Publicly referenced details indicate local, low-complexity access with user rights required for exploitation, resulting in privilege escalation and, per sources, high impact on availability. NVD metrics show CVSSv...
CVE-2023-21567
CVE-2023-21567 is a Microsoft Visual Studio denial-of-service vulnerability. Connected sources confirm it affects Visual Studio and related developer tools, with CVSSv3.1 base score 5.6 (Medium) and a local attack vector requiring user interaction. Public documents describe a DoS impact and list ...
CVE-2019-1211
CVE-2019-1211 is an elevation of privilege vulnerability in Git for Visual Studio stemming from improper parsing of Git configuration files. The authenticated attacker could modify configuration files before full installation and then convince another user to run specific Git commands, executing ...
CVE-2025-24998
CVE-2025-24998 is an Elevation of Privilege vulnerability in Visual Studio caused by an Uncontrolled search path element. A local attacker with low privileges and user interaction can potentially escalate to higher privileges. CVSSv3 base score 7.3 (HIGH); impact on confidentiality, integrity, an...
CVE-2024-29060
CVE-2024-29060 is an elevation of privilege vulnerability in Microsoft Visual Studio family. The CVE affects multiple VS versions (e.g., Visual Studio 2017–2022 lineups) with a root cause described across sources as an elevation of privileges vulnerability that can be exploited to gain higher pri...
CVE-2025-25003
CVE-2025-25003 affects Visual Studio and is described as an Elevation of Privilege vulnerability caused by an Uncontrolled search path element. The CVE entry indicates local privilege escalation with high impact; exploitation details are not provided in the documents. Microsoft has published upda...
CVE-2020-0789
CVE-2020-0789 concerns a denial-of-service flaw in the Visual Studio Extension Installer Service due to improper handling of hard links. The vulnerability affects Microsoft Visual Studio-related components and could allow a local attacker to cause the target system to stop responding (DoS) and, p...
CVE-2020-0900
CVE-2020-0900 describes an elevation of privilege vulnerability in the Visual Studio Extension Installer Service caused by improper handling of file operations. An attacker with local access could log on and run a specially crafted application to exploit this flaw. Microsoft’s MSRC advisory and t...
CVE-2025-21206
The CVE-2025-21206 issue concerns the Visual Studio installers with an elevation-of-privilege vulnerability. A concrete root cause mentioned in connected PT-2025-6298 is an uncontrolled search path element affecting the Visual Studio Installer, which could allow a local attacker to gain higher pr...
CVE-2020-0884
CVE-2020-0884 describes a spoofing vulnerability in Microsoft Visual Studio where a reply URL is not secured by SSL. An attacker who exploits this could compromise access tokens used during development workflows (e.g., when working with an Outlook Web Add-in) and thereby gain security/privacy ris...
CVE-2019-1486
The CVE-2019-1486 entry describes a spoofing vulnerability in Microsoft Visual Studio Live Share: when a guest joins a Live Share session, the host can redirect the guest to an arbitrary URL, potentially causing the guest’s browser to navigate to that URL without consent. Affected products includ...
CVE-2025-49739
CVE-2025-49739: Visual Studio elevation of privilege due to improper link resolution before file access ("link following"). The issue could allow a network-access attacker to elevate privileges on a affected machine. Connected sources indicate this CVE has public exploits (per Kaspersky entry in ...
CVE-2024-30052
CVE-2024-30052 affects Microsoft Visual Studio and is described as a remote code execution vulnerability with a CVSS v3.1 base score of 4.7 (Medium). The metrics indicate LOCAL exploitation, user interaction required, HIGH integrity impact, and no confidentiality impact. Connected sources corrobo...
CVE-2025-32703
CVE-2025-32703 (Visual Studio) is an information-disclosure vulnerability caused by insufficient granularity of access control in Visual Studio, enabling an authorized, local attacker to disclose information. The vulnerability affects multiple Visual Studio releases (2017 15.x, 2019 16.x, 2022 17...
CVE-2019-1425
CVE-2019-1425 (Visual Studio Elevation of Privilege Vulnerability) : The issue arises when Visual Studio fails to properly validate hardlinks during extraction of archived files. Root cause is improper hardlink validation introduced via npm-packages (tar and fstream) used by Visual Studio. Exploi...
CVE-2025-32702
CVE-2025-32702 is a Visual Studio command-injection vulnerability (ImpropÂer neutralization of special elements used in a command) that allows local code execution. Affected products include Microsoft Visual Studio 2019/2022 and related Build Tools; attack vector is LOCAL with LOW complexity, req...
CVE-2025-55240
CVE-2025-55240 is a Visual Studio elevation-of-privilege issue described as an improper access control that lets an authorized attacker escalate to full local privileges. CVSS indicates local attack, low attack complexity, required low privileges, and user interaction, with high impact on confide...