Microsoft Visual Studio 2019 vulnerabilities

CVE-2021-43877 [HIGH] CVE-2021-43877: ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVE-2021-42277 [MEDIUM] CWE-269 CVE-2021-42277: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-42319 [MEDIUM] CWE-269 CVE-2021-42319: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

CVE-2021-41355 [MEDIUM] CVE-2021-41355: .NET Core and Visual Studio Information Disclosure Vulnerability .NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-26434 [HIGH] CWE-732 CVE-2021-26434: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

CVE-2021-26423 [HIGH] CVE-2021-26423: .NET Core and Visual Studio Denial of Service Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-34532 [MEDIUM] CVE-2021-34532: ASP.NET Core and Visual Studio Information Disclosure Vulnerability ASP.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-34485 [MEDIUM] CVE-2021-34485: .NET Core and Visual Studio Information Disclosure Vulnerability .NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-31204 [HIGH] CVE-2021-31204: .NET and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Elevation of Privilege Vulnerability

CVE-2021-28321 [HIGH] CWE-59 CVE-2021-28321: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28313 [HIGH] CWE-269 CVE-2021-28313: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28322 [HIGH] CWE-269 CVE-2021-28322: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-27064 [HIGH] CVE-2021-27064: Visual Studio Installer Elevation of Privilege Vulnerability Visual Studio Installer Elevation of Privilege Vulnerability

CVE-2021-1639 [HIGH] CVE-2021-1639: Visual Studio Code Remote Code Execution Vulnerability Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-1721 [MEDIUM] CVE-2021-1721: .NET Core and Visual Studio Denial of Service Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1723 [HIGH] CVE-2021-1723: ASP.NET Core and Visual Studio Denial of Service Vulnerability ASP.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1651 [HIGH] CWE-269 CVE-2021-1651: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1680 [HIGH] CWE-269 CVE-2021-1680: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2020-26870 [MEDIUM] CWE-79 CVE-2020-26870: Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

CVE-2020-8927 [MEDIUM] CWE-130 CVE-2020-8927: A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recomm