Visual_studio - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Visual_studio
(Microsoft)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	54

Date	Id	Summary	Products	Score	Patch	Annotated
2020-06-09	CVE-2020-1278	An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.	Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019	7.8
2020-06-09	CVE-2020-1293	An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.	Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019	7.8
2020-07-14	CVE-2020-1393	An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.	Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019	7.8
2010-08-31	CVE-2010-3190	Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory...	Itunes, Visual_c\+\+, Visual_studio, Visual_studio_\.net	N/A
2019-09-11	CVE-2019-1232	An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.	Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019	N/A
2019-05-16	CVE-2019-0727	An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.	Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019	7.8
2018-12-12	CVE-2018-8599	An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.	Visual_studio, Visual_studio_2017, Windows_10, Windows_server_2016, Windows_server_2019	7.8
2019-07-15	CVE-2019-1079	An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.	Visual_studio	6.5
2019-01-08	CVE-2019-0537	An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.	Visual_studio	5.5
2014-05-20	CVE-2014-3802	msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.	Debug_interface_access_software_development_kit, Visual_studio	N/A