Microsoft Powershell
Recent Microsoft Powershell Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability | April 12, 2022 |
| CVE-2021-43896 | Microsoft PowerShell Spoofing Vulnerability | December 14, 2021 |
By the Year
In 2022 there have been 2 vulnerabilities in Microsoft Powershell with an average score of 8.2 out of ten. Last year Powershell had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Powershell in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 2.55.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 2 | 8.15 |
| 2021 | 2 | 5.60 |
| 2020 | 2 | 7.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Powershell vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Powershell Security Vulnerabilities
.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-23267
7.5 - High
- May 10, 2022
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
Resource Exhaustion
.NET and Visual Studio Remote Code Execution Vulnerability.
CVE-2022-24512
8.8 - High
- March 09, 2022
.NET and Visual Studio Remote Code Execution Vulnerability.
Microsoft PowerShell Spoofing Vulnerability
CVE-2021-43896
5.5 - Medium
- December 15, 2021
Microsoft PowerShell Spoofing Vulnerability
.NET Core and Visual Studio Information Disclosure Vulnerability
CVE-2021-41355
5.7 - Medium
- October 13, 2021
.NET Core and Visual Studio Information Disclosure Vulnerability
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash
CVE-2020-8927
6.5 - Medium
- September 15, 2020
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Classic Buffer Overflow
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests
CVE-2020-1108
7.5 - High
- May 21, 2020
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Powershell or by Microsoft? Click the Watch button to subscribe.
