| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| .NET Remote Code Execution Vulnerability |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| <p>A security feature bypass vulnerability exists in the PowerShellGet V2 module. An attacker who successfully exploited this vulnerability could bypass WDAC (Windows Defender Application Control) policy and execute arbitrary code on a policy locked-down machine.</p>
<p>An attacker must have administrator privileges to create a configuration that includes installing PowerShellGet V2 module onto a machine from the PowerShell Gallery. The WDAC policy must be configured to allow the module to run. After this is done, PowerShell script can be injected and run fully trusted, allowing the attacker arbitrary code execution on the machine.</p>
<p>The update addresses the vulnerability by changing how URLs are processed.</p> |
| <p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p>
<p>To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.</p>
<p>The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.</p> |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| PowerShell Remote Code Execution Vulnerability |
| .NET Framework Remote Code Execution Vulnerability |
| A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| PowerShell Information Disclosure Vulnerability |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
| .NET Spoofing Vulnerability |
| Microsoft QUIC Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| PowerShell Elevation of Privilege Vulnerability |
