Visual Studio 2019 Microsoft Visual Studio 2019

stack.watch can notify you when security vulnerabilities are reported in Microsoft Visual Studio 2019. You can add multiple products that you use with Visual Studio 2019 to create your own personal software stack watcher.

By the Year

In 2020 there have been 25 vulnerabilities in Microsoft Visual Studio 2019 with an average score of 7.5 out of ten. Last year Visual Studio 2019 had 6 security vulnerabilities published. That is, 19 more vulnerabilities have already been reported in 2020 as compared to last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 0.79.

Year Vulnerabilities Average Score
2020 25 7.53
2019 6 6.75
2018 0 0.00

It may take a day or so for new Visual Studio 2019 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Visual Studio 2019 Security Vulnerabilities

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations

CVE-2020-1130 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133.

CVE-2020-1130 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations

CVE-2020-1133 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130.

CVE-2020-1133 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory

CVE-2020-16874 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.

CVE-2020-16874 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory

CVE-2020-16856 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.

CVE-2020-16856 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests

CVE-2020-1597 7.5 - High - August 17, 2020

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

CVE-2020-1597 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input

CVE-2020-1393 7.8 - High - July 14, 2020

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.

CVE-2020-1393 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in .NET Framework

CVE-2020-1147 7.8 - High - July 14, 2020

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

CVE-2020-1147 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-1257 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.

CVE-2020-1257 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-1278 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.

CVE-2020-1278 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-1293 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.

CVE-2020-1293 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory

CVE-2020-1202 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.

CVE-2020-1202 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory

CVE-2020-1203 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.

CVE-2020-1203 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests

CVE-2020-1161 7.5 - High - May 21, 2020

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

CVE-2020-1161 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests

CVE-2020-1108 7.5 - High - May 21, 2020

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

CVE-2020-1108 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions

CVE-2020-0899 5.5 - Medium - April 15, 2020

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.

CVE-2020-0899 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations

CVE-2020-0900 5.5 - Medium - April 15, 2020

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.

CVE-2020-0900 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Privilege Management

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links

CVE-2020-0789 7.1 - High - March 12, 2020

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.

CVE-2020-0789 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

insecure temporary file

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-0793 7.8 - High - March 12, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.

CVE-2020-0793 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application

CVE-2020-0810 7.8 - High - March 12, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.

CVE-2020-0810 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL

CVE-2020-0884 3.7 - Low - March 12, 2020

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.

CVE-2020-0884 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Cleartext Transmission of Sensitive Information

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input

CVE-2019-1349 8.8 - High - January 24, 2020

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

CVE-2019-1349 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input

CVE-2019-1350 8.8 - High - January 24, 2020

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

CVE-2019-1350 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input

CVE-2019-1352 8.8 - High - January 24, 2020

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.

CVE-2019-1352 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input

CVE-2019-1354 8.8 - High - January 24, 2020

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

CVE-2019-1354 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths

CVE-2019-1351 7.5 - High - January 24, 2020

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

CVE-2019-1351 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Use of Incorrectly-Resolved Name or Reference

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host

CVE-2019-1486 6.1 - Medium - December 10, 2019

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.

CVE-2019-1486 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Open Redirect

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files

CVE-2019-1425 6.5 - Medium - November 12, 2019

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.

CVE-2019-1425 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

insecure temporary file

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations

CVE-2019-1232 7.8 - High - September 11, 2019

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.

CVE-2019-1232 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files

CVE-2019-1211 7.3 - High - August 14, 2019

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files, aka 'Git for Visual Studio Elevation of Privilege Vulnerability'.

CVE-2019-1211 can be explotited with local system access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions

CVE-2019-1077 5 - Medium - July 15, 2019

An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.

CVE-2019-1077 can be explotited with local system access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.3 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector

CVE-2019-0727 7.8 - High - May 16, 2019

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.

CVE-2019-0727 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.