Filter
AND

Versions

1.15.0
3
1.4.0
3
1.6.0
3
1.7.0
3
0.10.0
2
1.12.0
2
1.3.0
2
1.5.0
2
0.11.0
1
0.7.1
1
0.8.3
1
1.11.0
1
1.13.0
1
1.13.7
1
1.14.0
1
1.14.3
1
1.16.0
1
1.17.7
1
1.5.1
1
1.6.1
1
1.7.7
1
1.8.0
1
1.8.4
1

HashiCorp VaultVault Operators in Root Namespace May Elevate Their Privileges

high
7.2
EPSS
0.05%
First published (updated )
CVE-2024-9180

go/github.com/hashicorp/vaultVault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests

high
7.5
EPSS
0.05%
First published (updated )
CVE-2023-6337

HashiCorp VaultVault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption

high
7.5
EPSS
0.05%
First published (updated )
CVE-2023-5954

HashiCorp VaultVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

high
7.6
First published (updated )
CVE-2023-5077

HashiCorp VaultVault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation

high
8.1
First published (updated )
CVE-2023-24999

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between …

high
8.1
First published (updated )
CVE-2021-42135

HashiCorp VaultHashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic …

high
7.4
First published (updated )
CVE-2021-32923

HashiCorp VaultHashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets en…

high
7.5
First published (updated )
CVE-2021-27400

HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revok…

high
7.5
First published (updated )
CVE-2021-29653

HashiCorp VaultHashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be execu…

high
7.5
First published (updated )
CVE-2021-3282

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth…

high
8.2
First published (updated )
CVE-2020-16251

HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth…

high
8.2
First published (updated )
CVE-2020-16250

HashiCorp VaultInfoleak

high
7.5
First published (updated )
CVE-2020-13223

HashiCorp VaultHashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic s…

high
7.5
First published (updated )
CVE-2020-7220

HashiCorp VaultHashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfig…

high
8.1
First published (updated )
CVE-2018-19786

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203