A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka “Visual Studio Remote Code Execution Vulnerability.” This affects Microsoft Visual Studio, Expression Blend 4.
visual_studio_2017
CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
CVE-2020-1597
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
CVE-2020-1416
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka ‘Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability’.
CVE-2020-1147
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability’.
CVE-2021-28321
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.