Microsoft Powershell

Do you want an email whenever new security vulnerabilities are reported in Microsoft Powershell?

Recent Microsoft Powershell Security Advisories

Advisory	Title	Published
CVE-2023-36013	PowerShell Information Disclosure Vulnerability	November 17, 2023
CVE-2022-41076	PowerShell Remote Code Execution Vulnerability	December 13, 2022
CVE-2022-26788	PowerShell Elevation of Privilege Vulnerability	April 12, 2022
CVE-2021-43896	Microsoft PowerShell Spoofing Vulnerability	December 14, 2021

By the Year

In 2023 there have been 2 vulnerabilities in Microsoft Powershell with an average score of 7.0 out of ten. Last year Powershell had 6 security vulnerabilities published. Right now, Powershell is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.30

Year	Vulnerabilities	Average Score
2023	2	7.00
2022	6	7.30
2021	2	5.60
2020	3	6.90
2019	0	0.00
2018	0	0.00

It may take a day or so for new Powershell vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Powershell Security Vulnerabilities

PowerShell Information Disclosure Vulnerability

CVE-2023-36013 6.5 - Medium - November 20, 2023

PowerShell Information Disclosure Vulnerability

Exposure of Resource to Wrong Sphere

.NET Denial of Service Vulnerability

CVE-2023-21538 7.5 - High - January 10, 2023

.NET Denial of Service Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-41121 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability

PowerShell Remote Code Execution Vulnerability

CVE-2022-41076 8.5 - High - December 13, 2022

PowerShell Remote Code Execution Vulnerability

.NET Spoofing Vulnerability

CVE-2022-34716 5.9 - Medium - August 09, 2022

.NET Spoofing Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

CVE-2022-23267 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.

PowerShell Elevation of Privilege Vulnerability

CVE-2022-26788 7.8 - High - April 15, 2022

PowerShell Elevation of Privilege Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2022-24512 6.3 - Medium - March 09, 2022

.NET and Visual Studio Remote Code Execution Vulnerability

Microsoft PowerShell Spoofing Vulnerability

CVE-2021-43896 5.5 - Medium - December 15, 2021

Microsoft PowerShell Spoofing Vulnerability

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-41355 5.7 - Medium - October 13, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash

CVE-2020-8927 6.5 - Medium - September 15, 2020

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Classic Buffer Overflow

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could

CVE-2020-0951 6.7 - Medium - September 11, 2020

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests

CVE-2020-1108 7.5 - High - May 21, 2020

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Net or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Powershell
Product

Microsoft Powershell

Recent Microsoft Powershell Security Advisories

By the Year

Recent Microsoft Powershell Security Vulnerabilities

PowerShell Information Disclosure Vulnerability CVE-2023-36013 6.5 - Medium - November 20, 2023

.NET Denial of Service Vulnerability CVE-2023-21538 7.5 - High - January 10, 2023

Windows Graphics Component Elevation of Privilege Vulnerability CVE-2022-41121 7.8 - High - December 13, 2022

PowerShell Remote Code Execution Vulnerability CVE-2022-41076 8.5 - High - December 13, 2022

.NET Spoofing Vulnerability CVE-2022-34716 5.9 - Medium - August 09, 2022

.NET and Visual Studio Denial of Service Vulnerability CVE-2022-23267 7.5 - High - May 10, 2022

PowerShell Elevation of Privilege Vulnerability CVE-2022-26788 7.8 - High - April 15, 2022

.NET and Visual Studio Remote Code Execution Vulnerability CVE-2022-24512 6.3 - Medium - March 09, 2022

Microsoft PowerShell Spoofing Vulnerability CVE-2021-43896 5.5 - Medium - December 15, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability CVE-2021-41355 5.7 - Medium - October 13, 2021

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash CVE-2020-8927 6.5 - Medium - September 15, 2020

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could CVE-2020-0951 6.7 - Medium - September 11, 2020

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests CVE-2020-1108 7.5 - High - May 21, 2020