Powershell Security Vulnerabilities

CVE-2024-30045

.NET and Visual Studio Remote Code Execution...

CVE-2024-21409

.NET, .NET Framework, and Visual Studio Remote Code Execution...

CVE-2024-26190

Microsoft QUIC Denial of Service...

CVE-2024-21392

.NET and Visual Studio Denial of Service...

CVE-2024-0057

NET, .NET Framework, and Visual Studio Security Feature Bypass...

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

CVE-2023-49213

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and...

CVE-2023-36013

PowerShell Information Disclosure...

CVE-2023-38171

Microsoft QUIC Denial of Service...

CVE-2023-36435

Microsoft QUIC Denial of Service...

CVE-2023-36799

.NET Core and Visual Studio Denial of Service...

CVE-2023-36796

Visual Studio Remote Code Execution...

CVE-2023-36793

Visual Studio Remote Code Execution...

CVE-2023-36794

Visual Studio Remote Code Execution...

CVE-2023-36792

Visual Studio Remote Code Execution...

CVE-2020-10962

In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2023-33127

.NET and Visual Studio Elevation of Privilege...

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege...

CVE-2023-24897

.NET, .NET Framework, and Visual Studio Remote Code Execution...

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution...

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service...

CVE-2023-32032

.NET and Visual Studio Elevation of Privilege...

CVE-2023-33128

.NET and Visual Studio Remote Code Execution...

CVE-2023-33126

.NET and Visual Studio Remote Code Execution...

CVE-2023-28260

.NET DLL Hijacking Remote Code Execution...

CVE-2023-1203

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected...

CVE-2023-21808

.NET and Visual Studio Remote Code Execution...

CVE-2023-21538

.NET Denial of Service...

CVE-2022-41089

.NET Framework Remote Code Execution...

CVE-2022-41121

Windows Graphics Component Elevation of Privilege...

CVE-2022-41076

PowerShell Remote Code Execution...

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted....

CVE-2022-45183

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and...

CVE-2022-34716

.NET Spoofing...

CVE-2022-23267

.NET and Visual Studio Denial of Service...

CVE-2022-26788

PowerShell Elevation of Privilege...

CVE-2022-24512

.NET and Visual Studio Remote Code Execution...

CVE-2021-43896

Microsoft PowerShell Spoofing...

CVE-2021-41355

.NET Core and Visual Studio Information Disclosure...

CVE-2021-34485

.NET Core and Visual Studio Information Disclosure...

CVE-2021-26423

.NET Core and Visual Studio Denial of Service...

CVE-2021-26701

.NET Core Remote Code Execution...

CVE-2021-1721

.NET Core and Visual Studio Denial of Service...

CVE-2020-8927

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...

CVE-2020-0951

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service...

CVE-2019-1301

A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service...

CVE-2019-1167

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass...

CVE-2019-0627

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631,...

CVE-2019-0631

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627,...