Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Visual_studio_2019
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 109 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-11 | CVE-2020-1133 | <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p> | Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019 | N/A | ||
| 2020-09-15 | CVE-2020-8927 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. | Ubuntu_linux, Debian_linux, Fedora, Brotli, \.net, \.net_core, Powershell, Visual_studio_2019, Visual_studio_2022, Leap | 6.5 | ||
| 2020-10-07 | CVE-2020-26870 | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | Dompurify, Debian_linux, Visual_studio_2017, Visual_studio_2019, Application_express | 6.1 | ||
| 2020-11-11 | CVE-2020-17100 | Visual Studio Tampering Vulnerability | Visual_studio_2017, Visual_studio_2019 | N/A | ||
| 2020-12-10 | CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | Visual_studio_2017, Visual_studio_2019 | N/A | ||
| 2021-01-12 | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019 | N/A | ||
| 2021-01-12 | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Visual_studio, Visual_studio_2017, Visual_studio_2019, Windows_10, Windows_server_2016, Windows_server_2019 | N/A | ||
| 2021-01-12 | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Fedora, Asp\.net_core, Visual_studio_2019 | N/A | ||
| 2021-02-25 | CVE-2021-1639 | Visual Studio Code Remote Code Execution Vulnerability | Visual_studio_2017, Visual_studio_2019, Visual_studio_code | N/A | ||
| 2021-02-25 | CVE-2021-1721 | .NET Core and Visual Studio Denial of Service Vulnerability | \.net, \.net_core, Powershell_core, Visual_studio_2017, Visual_studio_2019 | N/A |