Lucene search

5 matches found

Veracode
added 2025/06/24 5:58 a.m., 3 views

Privilege Escalation

www.velocidex.com/golang/velociraptor is vulnerable to Privilege Escalation. The vulnerability is due to the failure to enforce required permissions on the Admin.Client.UpdateClientConfig artifact, allowing users with COLLECTCLIENT permissions to update client configurations and potentially execut...

CVSS 5.5, AI score 7.7, EPSS 0.00277
Exploits 2, References 5, Affected Software 1

Prion
added 2022/07/22 4:15 a.m., 6 views

Information disclosure

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

CVSS 5, AI score 7.3, EPSS 0.00391
Exploits 0, References 2, Affected Software 1

OSV
added 2022/07/21 1:20 p.m., 9 views

CVE-2022-31162 Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

CVSS 7.5, AI score 7.2, EPSS 0.00391
Exploits 0, References 4

OSV
added 2021/08/18 5:15 p.m., 14 views

CVE-2020-18875

Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl velocity files...

CVSS 8.8, AI score 7.2
Exploits 0, References 3

Prion
added 2021/08/18 5:15 p.m., 11 views

Improper access control

Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl velocity files...

CVSS 6.5, AI score 8.8, EPSS 0.01299
Exploits 0, References 3, Affected Software 1