Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1293 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. | |||||
| CVE-2020-1278 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. | |||||
| CVE-2020-1393 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418. | |||||
| CVE-2020-1257 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. | |||||
| CVE-2019-1232 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0727 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1079 | 1 Microsoft | 1 Visual Studio | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'. | |||||
| CVE-2018-8599 | 1 Microsoft | 5 Visual Studio, Visual Studio 2017, Windows 10 and 2 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-0537 | 1 Microsoft | 1 Visual Studio | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. | |||||
| CVE-2018-1037 | 1 Microsoft | 2 Visual Studio, Visual Studio 2017 | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. | |||||
| CVE-2018-8172 | 1 Microsoft | 3 Expression Blend, Visual Studio, Visual Studio 2017 | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | |||||
| CVE-2014-3802 | 1 Microsoft | 2 Debug Interface Access Software Development Kit, Visual Studio | 2023-12-10 | 6.8 MEDIUM | N/A |
| msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. | |||||
| CVE-2011-1976 | 1 Microsoft | 2 Report Viewer, Visual Studio | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability." | |||||
| CVE-2010-3190 | 2 Apple, Microsoft | 4 Itunes, Visual C\+\+, Visual Studio and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." | |||||
| CVE-2011-1280 | 1 Microsoft | 4 Office Infopath, Sql Server, Sql Server Management Studio Express and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." | |||||
| CVE-2012-0008 | 1 Microsoft | 1 Visual Studio | 2023-12-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." | |||||
| CVE-2009-2495 | 1 Microsoft | 3 Visual C\+\+, Visual Studio, Visual Studio .net | 2023-12-10 | 7.8 HIGH | N/A |
| The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | |||||
| CVE-2009-2493 | 1 Microsoft | 7 Visual C\+\+, Visual Studio, Windows 2000 and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
| The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | |||||
| CVE-2009-2502 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." | |||||
| CVE-2009-2500 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2023-12-10 | 9.3 HIGH | N/A |
| Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability." | |||||