31 matches found
CVE-2022-35827
CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...
CVE-2023-24897
CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...
CVE-2024-20656
CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...
CVE-2021-42277
Technical details about CVE-2021-42277 are not provided in the connected documents; only generic vulnerability labels and references are available. Monitor for official advisories or CVE records for affected products, fixes, and mitigations.
CVE-2022-35777
CVE-2022-35777 is a Visual Studio remote code execution vulnerability affecting the VSGraphics component. Connected sources (KB/MSRC/NVD) identify it as a Fbx File parser Heap overflow vulnerability within Visual Studio product lines, with references listing affected versions (including VS 2012 U...
CVE-2021-1651
Technical details about CVE-2021-1651 are not provided in the supplied documents; only the vulnerability is named. Monitor for updates from official advisories.
CVE-2019-0727
CVE-2019-0727 describes an elevation-of-privilege flaw in the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, allowing an attacker who can log on to delete files in arbitrary locations. The vulnerability is rooted in the collectors’ handling of file deletion permissio...
CVE-2023-33139
CVE-2023-33139 describes an Information Disclosure vulnerability in Microsoft Visual Studio, tied to the VSGraphics component. Public disclosures indicate affected VS versions range from Visual Studio 2013 Update 5 through newer updates, with MSKB entries (KB5026454/KB5026455) outlining hotfixes ...
CVE-2022-35826
CVE-2022-35826 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio versions through the VSGraphics component, with Microsoft’s August 2022 updates addressing CVE-2022-35826 alongside related CVEs (e.g., 35825, 35777, 35827). The Microsoft advisories describe an...
CVE-2019-1232
CVE-2019-1232 is a local elevation-of-privilege flaw in the Diagnostics Hub Standard Collector Service. Affected: Diagnostics Hub Standard Collector Service; root cause: improper impersonation of certain file operations. Impact per sources: confidentiality, integrity, and availability are rated p...
CVE-2020-16856
CVE-2020-16856 is a Visual Studio remote code execution vulnerability. The issue arises from how Visual Studio handles objects in memory, enabling an attacker to run arbitrary code in the context of the current user. If the user runs Visual Studio with administrative rights, the attacker could ta...
CVE-2018-8172
The CVE-2018-8172 entry pertains to a remote code execution vulnerability in Visual Studio family (including Visual Studio and Expression Blend) where the product fails to validate the source markup of an unbuilt project file. Root cause: improper handling of source markup in unbuilt files leadin...
CVE-2019-1079
CVE-2019-1079 affects Microsoft Visual Studio. The vulnerability arises when Visual Studio improperly parses XML input in certain settings files, enabling an XML external entity (XXE) for information disclosure. An attacker who can entice an authenticated user to open a crafted XML file could rea...
CVE-2020-1133
Technical details about CVE-2020-1133 are not publicly provided in the connected documents. Available sources mention Diagnostics Hub Standard Collector and the fix, but no affected versions, exploit specifics, or mitigation steps are given. Monitor for updates.
CVE-2020-1130
CVE-2020-1130 affects the Diagnostics Hub Standard Collector. The issue is an elevation of privilege in the collector’s data handling, enabling a crafted local application to run processes in an elevated context. The vulnerability is addressed by updating how the Diagnostics Hub Standard Collecto...
CVE-2022-35825
Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.
CVE-2018-8599
CVE-2018-8599 is the Diagnostics Hub Standard Collector Service Elevation of Privilege vulnerability. The NVD entry states a local attacker could exploit improper impersonation of certain file operations to gain privileges on affected Microsoft software, including Visual Studio, Windows Server 20...
CVE-2020-1202
CVE-2020-1202 affects Diagnostics Hub Standard Collector or Visual Studio Standard Collector. Root cause: improper handling of memory objects leading to elevation of privilege. Impact: local elevation of privileges if exploited; CVSS data in the Initial document indicates HIGH severity. Exploitat...
CVE-2021-28321
CVE-2021-28321 is a elevation-of-privilege issue in the Diagnostics Hub Standard Collector Service. The NVD entry lists a local, low-attack‑complexity vector with no authentication, achieving high impact on confidentiality, integrity, and availability (CVSS‑3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:...
CVE-2020-16874
CVE-2020-16874 is a Visual Studio remote code execution vulnerability caused by improper handling of objects in memory. Exploitation requires a user to open a specially crafted file, potentially allowing arbitrary code execution in the current user context with Administrative rights. Microsoft an...
CVE-2020-1393
Summary: CVE-2020-1393 is an elevation of privilege in Windows Diagnostics Hub related to the Standard Collector Service failing to sanitize input, causing insecure library loading. The root cause is input validation/sanitization weaknesses leading to loading of untrusted libraries. This CVE is r...
CVE-2021-28313
Technical details about CVE-2021-28313 are not publicly provided in the supplied documents. Monitor for updates from NVD, MSRC, and vendor advisories for affected components and fixes.
CVE-2018-1037
CVE-2018-1037 affects Microsoft Visual Studio family. The vulnerability is an information disclosure caused by improper handling of uninitialized memory when compiling Program Database (PDB) files, allowing disclosure of limited memory contents. The NVD entry lists CVSSv3 base score 4.3 (Medium),...
CVE-2021-1680
Technical details about CVE-2021-1680 are not publicly available in the provided connected documents. Monitor for updates for affected product, root cause, impact, and remediation information.
CVE-2021-28322
Technical details about CVE-2021-28322 are not publicly provided in the supplied documents. No affected products, exploit information, or fixes are described here. Monitor for updates from the referenced advisories and vulnerability feeds.
CVE-2020-1257
Technical details about CVE-2020-1257 are not provided in the connected documents. Public aliases, affected components, impact or fixes are not specified here; monitor for authoritative updates.
CVE-2020-1203
CVE-2020-1203 is an elevation of privilege affecting the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, caused by improper handling of memory in affected objects. The description notes this CVE is distinct from CVE-2020-1202 and does not provide explicit affected ver...
CVE-2020-1293
CVE-2020-1293 is an Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector Service where file operations are mishandled. The connected AVLeonarov item places CVE-2020-1293 under Diagnostics Hub Standard Collector EOP and lists it alongside CVE-2020-1257 and CVE-2020-1278, but ...
CVE-2024-43603
CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...
CVE-2020-1278
CVE-2020-1278 relates to an elevation of privilege in the Diagnostics Hub Standard Collector Service due to improper file operations. The vulnerability enables local privilege elevation, as the service handles files in a way that can be exploited by an authenticated attacker with access to the sy...
CVE-2025-49739
CVE-2025-49739: Visual Studio elevation of privilege due to improper link resolution before file access ("link following"). The issue could allow a network-access attacker to elevate privileges on a affected machine. Connected sources indicate this CVE has public exploits (per Kaspersky entry in ...