Vulnerabilities > Rapid7 > Velociraptor > 0.6.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-5950 | Cross-site Scripting vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. | 6.1 |
| 2023-04-21 | CVE-2023-2226 | Out-of-bounds Read vulnerability in Rapid7 Velociraptor Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. | 5.3 |
| 2023-01-18 | CVE-2023-0290 | Path Traversal vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. | 4.3 |
| 2023-01-18 | CVE-2023-0242 | Missing Authorization vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor allows users to be created with different privileges on the server. | 8.8 |