| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A security feature bypass vulnerability exists in the PowerShellGet V2 module. An attacker who successfully exploited this vulnerability could bypass WDAC (Windows Defender Application Control) policy and execute arbitrary code on a policy locked-down machine.
An attacker must have administrator privileges to create a configuration that includes installing PowerShellGet V2 module onto a machine from the PowerShell Gallery. The WDAC policy must be configured to allow the module to run. After this is done, PowerShell script can be injected and run fully trusted, allowing the attacker arbitrary code execution on the machine.
The update addresses the vulnerability by changing how URLs are processed. |
| A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.
To exploit the vulnerability, an attacker needs administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.
The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled. |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user.
To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands.
The update addresses the issue by changing the permissions required to edit configuration files. |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. |
| .NET Remote Code Execution Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| PowerShell Information Disclosure Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| PowerShell Remote Code Execution Vulnerability |
| A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
| .NET Spoofing Vulnerability |
| Microsoft QUIC Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |