MSRC Microsoft Visual Studio 2017 Version 15.9 vulnerabilities
124 known vulnerabilities affecting msrc/microsoft_visual_studio_2017_version_15.9.
Total CVEs: 124
CISA KEV: 2 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 95, MEDIUM 19, LOW 1
Vulnerabilities
Page 5 of 7
CVE-2021-26701 HIGH CVSS 8.1 2021-02-09
CVE-2021-26701 [HIGH] .NET Core Remote Code Execution Vulnerability
FAQ: Is Visual Studio affected by this vulnerability?
Visual Studio contains the binaries for .NET, but Visual Studio is not vulnerable to this issue. The update is offered to include the .NET files so any future applications built in Visual Studio which include .NET functionality will be protected from this issue.
.NET Core: .NET Core
Microsoft: Microsoft
Impact: Remote Code Exe
msrc
CVE-2021-1721 MEDIUM CVSS 6.5 2021-02-09
CVE-2021-1721 [MEDIUM] .NET Core and Visual Studio Denial of Service Vulnerability
Developer Tools: Developer Tools
Microsoft: Microsoft
Impact: Denial of Service
Exploit Status: Publicly Disclosed: Yes; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
Ref
msrc
CVE-2021-1651 HIGH CVSS 7.8 2021-01-12
CVE-2021-1651 [HIGH] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Diagnostic Hub: Windows Diagnostic Hub
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.
msrc
CVE-2021-1680 HIGH CVSS 7.8 2021-01-12
CVE-2021-1680 [HIGH] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Diagnostic Hub: Windows Diagnostic Hub
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.
msrc
CVE-2020-26870 HIGH CVSS 7.0 2021-01-12
CVE-2020-26870 [MEDIUM] Visual Studio Remote Code Execution Vulnerability
FAQ: Why is a CVE that was issued by the MITRE Corporation in the Security Update Guide?
CVE-2020-26870 documents a vulnerability in Cure53 DOMPurify which is open source software used by Visual Studio. The documented Visual Studio updates incorporate the updates in Cure53 DOMPurify which address the vulnerability.
Visual Studio: Visual Studio
MITRE Corporation: MITRE Co
msrc
CVE-2020-17156 HIGH CVSS 7.8 2020-12-08
CVE-2020-17156 [HIGH] Visual Studio Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would need to convince a targeted user to clone a malicious repository from inside Visual Studio. Attacker-specified code would execute during the clone operation.
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
msrc
CVE-2020-17100 MEDIUM CVSS 5.5 2020-11-10
CVE-2020-17100 [MEDIUM] Visual Studio Tampering Vulnerability
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Tampering
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: http://aka.ms/vs/15/release/latest
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio
msrc
CVE-2020-16874 HIGH CVSS 7.8 2020-09-08
CVE-2020-16874 [HIGH] Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could
msrc
CVE-2020-16856 HIGH CVSS 7.8 2020-09-08
CVE-2020-16856 [HIGH] Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could
msrc
CVE-2020-1130 MEDIUM CVSS 5.5 2020-09-08
CVE-2020-1130 [MEDIUM] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on
msrc
CVE-2020-1133 MEDIUM CVSS 5.5 2020-09-08
CVE-2020-1133 [MEDIUM] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on
msrc
CVE-2020-1597 HIGH CVSS 7.5 2020-08-11
CVE-2020-1597 [HIGH] ASP.NET Core Denial of Service Vulnerability
Description: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing speci
msrc
CVE-2020-1147 CRITICAL CVSS 7.8 KEV PoC 2020-07-14
CVE-2020-1147 [HIGH] .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process r
msrc
CVE-2020-1393 HIGH CVSS 7.8 2020-07-14
CVE-2020-1393 [HIGH] Windows Diagnostics Hub Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install progra
msrc
CVE-2020-1416 HIGH CVSS 8.8 2020-07-14
CVE-2020-1416 [HIGH] Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with administrative user r
msrc
CVE-2020-1293 HIGH CVSS 7.8 2020-06-09
CVE-2020-1293 [HIGH] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.
Th
msrc
CVE-2020-1202 HIGH CVSS 7.0 2020-06-09
CVE-2020-1202 [HIGH] Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
To exploit this vulnerability, an attacker woul
msrc
CVE-2020-1278 HIGH CVSS 7.8 2020-06-09
CVE-2020-1278 [HIGH] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.
Th
msrc
CVE-2020-1257 HIGH CVSS 7.8 2020-06-09
CVE-2020-1257 [HIGH] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.
Th
msrc
CVE-2020-1203 HIGH CVSS 7.8 2020-06-09
CVE-2020-1203 [HIGH] Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
To exploit this vulnerability, an attacker woul
msrc