VYPR

rpm package

opensuse/velociraptor&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/velociraptor&distro=openSUSE%20Tumbleweed

Vulnerabilities (85)

  • CVE-2023-44270Sep 29, 2023
    affected < 0.7.0.4.git142.862ef23-1.1fixed 0.7.0.4.git142.862ef23-1.1

    An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be inc

  • CVE-2022-25883Jun 21, 2023
    affected < 0.7.0.4.git74.3426c0a-9.1fixed 0.7.0.4.git74.3426c0a-9.1

    Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

  • CVE-2023-1732May 10, 2023
    affected < 0.7.0.4.git142.862ef23-1.1fixed 0.7.0.4.git142.862ef23-1.1

    When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindr

  • CVE-2023-0290Jan 18, 2023
    affected < 0.6.7.5~git78.2bef6fc-2.1fixed 0.6.7.5~git78.2bef6fc-2.1

    Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server

  • CVE-2023-0242Jan 18, 2023
    affected < 0.6.7.5~git78.2bef6fc-2.1fixed 0.6.7.5~git78.2bef6fc-2.1

    Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files

Page 5 of 5