VYPR

Visual Studio

by Microsoft

CVEs (157)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2009-2493HigJul 29, 2009
    risk 0.61cvss 8.8epss 0.43

    The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2;…

  • CVE-2009-0901HigJul 29, 2009
    risk 0.61cvss 8.8epss 0.42

    The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does…

  • CVE-2026-41109HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2018-0952HigAug 15, 2018
    risk 0.54cvss 7.8epss 0.06

    An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual…

  • CVE-2009-2502HigOct 14, 2009
    risk 0.54cvss 8.1epss 0.22

    Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003…

  • CVE-2018-8172HigJul 11, 2018
    risk 0.53cvss 7.8epss 0.31

    A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.

  • CVE-2018-8232HigJul 11, 2018
    risk 0.51cvss 7.8epss 0.01

    A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.

  • CVE-2010-3190HigAug 31, 2010
    risk 0.51cvss 7.8epss 0.09

    Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local…

  • CVE-2022-29145HigMay 10, 2022
    risk 0.49cvss 7.5epss 0.05

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-29117HigMay 10, 2022
    risk 0.49cvss 7.5epss 0.05

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-24464HigMar 9, 2022
    risk 0.49cvss 7.5epss 0.03

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2009-2495MedJul 29, 2009
    risk 0.46cvss 6.5epss 0.42

    The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via…

  • CVE-2026-32203HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.01

    Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-32178HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.01

    Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2022-38013HigSep 13, 2022
    risk 0.42cvss 7.5epss 0.03

    .NET Core and Visual Studio Denial of Service Vulnerability

  • CVE-2026-23653MedApr 14, 2026
    risk 0.37cvss 5.7epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

  • CVE-2022-24512MedMar 9, 2022
    risk 0.34cvss 6.3epss 0.02

    .NET and Visual Studio Remote Code Execution Vulnerability

  • CVE-2018-1037MedApr 12, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

  • CVE-2022-41034Oct 11, 2022
    risk 0.08cvss epss 0.67

    Visual Studio Code Remote Code Execution Vulnerability

Page 1 of 8