Bitnami package
powershell
pkg:bitnami/powershell
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26171 | Hig | 7.5 | >= 7.5.0, < 7.5.6 | 7.5.6 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-26143 | Hig | 7.8 | >= 7.4.0, < 7.4.14 | 7.4.14 | Apr 14, 2026 | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | |
| CVE-2025-25004 | — | >= 7.4.0, < 7.4.13 | 7.4.13 | Oct 14, 2025 | Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49734 | — | >= 7.4.0, < 7.4.12 | 7.4.12 | Sep 9, 2025 | Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-30399 | — | >= 7.4.0, < 7.4.11 | 7.4.11 | Jun 13, 2025 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||
| CVE-2020-36846 | Cri | 9.8 | >= 7.0.0, < 7.0.9 | 7.0.9 | May 30, 2025 | A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression | |
| CVE-2025-21171 | — | >= 7.5.0, < 7.5.2 | 7.5.2 | Jan 14, 2025 | .NET Remote Code Execution Vulnerability | ||
| CVE-2024-30045 | — | >= 7.4.0, < 7.4.3 | 7.4.3 | May 14, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-21409 | — | >= 7.2.0, < 7.2.19 | 7.2.19 | Apr 9, 2024 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-26190 | — | >= 7.3.0, < 7.3.12 | 7.3.12 | Mar 12, 2024 | Microsoft QUIC Denial of Service Vulnerability | ||
| CVE-2024-21392 | — | >= 7.3.0, < 7.3.12 | 7.3.12 | Mar 12, 2024 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-0057 | — | >= 7.2.0, < 7.2.18 | 7.2.18 | Jan 9, 2024 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | ||
| CVE-2023-36013 | — | >= 7.2.0, < 7.2.17 | 7.2.17 | Nov 20, 2023 | PowerShell Information Disclosure Vulnerability | ||
| CVE-2023-21538 | — | >= 7.2.0, <= 7.2.0 | — | Jan 10, 2023 | .NET Denial of Service Vulnerability | ||
| CVE-2022-41121 | — | >= 7.2.0, <= 7.2.0 | — | Dec 13, 2022 | Windows Graphics Component Elevation of Privilege Vulnerability | ||
| CVE-2022-41076 | — | >= 7.2.0, <= 7.2.0 | — | Dec 13, 2022 | PowerShell Remote Code Execution Vulnerability | ||
| CVE-2022-34716 | — | >= 7.0.0, < 7.0.12 | 7.0.12 | Aug 9, 2022 | .NET Spoofing Vulnerability | ||
| CVE-2022-23267 | — | >= 7.0.0, < 7.0.11 | 7.0.11 | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-26788 | — | >= 7.0.0, < 7.0.10 | 7.0.10 | Apr 15, 2022 | PowerShell Elevation of Privilege Vulnerability | ||
| CVE-2022-24512 | — | >= 7.0.0, < 7.0.9 | 7.0.9 | Mar 9, 2022 | .NET and Visual Studio Remote Code Execution Vulnerability |
- affected >= 7.5.0, < 7.5.6fixed 7.5.6
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
- affected >= 7.4.0, < 7.4.14fixed 7.4.14
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
- CVE-2025-25004Oct 14, 2025affected >= 7.4.0, < 7.4.13fixed 7.4.13
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
- CVE-2025-49734Sep 9, 2025affected >= 7.4.0, < 7.4.12fixed 7.4.12
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
- CVE-2025-30399Jun 13, 2025affected >= 7.4.0, < 7.4.11fixed 7.4.11
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
- affected >= 7.0.0, < 7.0.9fixed 7.0.9
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression
- CVE-2025-21171Jan 14, 2025affected >= 7.5.0, < 7.5.2fixed 7.5.2
.NET Remote Code Execution Vulnerability
- CVE-2024-30045May 14, 2024affected >= 7.4.0, < 7.4.3fixed 7.4.3
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-21409Apr 9, 2024affected >= 7.2.0, < 7.2.19fixed 7.2.19
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-26190Mar 12, 2024affected >= 7.3.0, < 7.3.12fixed 7.3.12
Microsoft QUIC Denial of Service Vulnerability
- CVE-2024-21392Mar 12, 2024affected >= 7.3.0, < 7.3.12fixed 7.3.12
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2024-0057Jan 9, 2024affected >= 7.2.0, < 7.2.18fixed 7.2.18
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
- CVE-2023-36013Nov 20, 2023affected >= 7.2.0, < 7.2.17fixed 7.2.17
PowerShell Information Disclosure Vulnerability
- CVE-2023-21538Jan 10, 2023affected >= 7.2.0, <= 7.2.0
.NET Denial of Service Vulnerability
- CVE-2022-41121Dec 13, 2022affected >= 7.2.0, <= 7.2.0
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-41076Dec 13, 2022affected >= 7.2.0, <= 7.2.0
PowerShell Remote Code Execution Vulnerability
- CVE-2022-34716Aug 9, 2022affected >= 7.0.0, < 7.0.12fixed 7.0.12
.NET Spoofing Vulnerability
- CVE-2022-23267May 10, 2022affected >= 7.0.0, < 7.0.11fixed 7.0.11
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2022-26788Apr 15, 2022affected >= 7.0.0, < 7.0.10fixed 7.0.10
PowerShell Elevation of Privilege Vulnerability
- CVE-2022-24512Mar 9, 2022affected >= 7.0.0, < 7.0.9fixed 7.0.9
.NET and Visual Studio Remote Code Execution Vulnerability
Page 1 of 2