vault vulnerabilities and exploits
NA
CVE-2021-3145
Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.
4
CVSSv2
CVE-2021-35576
Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with netwo...
Oracle Database Server 12.1.0.2
Oracle Database Server 12.2.0.1
Oracle Database Server 19c
1 Github repository
5
CVSSv2
CVE-2014-2545
TIBCO Managed File Transfer Internet Server prior to 7.2.2, Managed File Transfer Command Center prior to 7.2.2, Slingshot prior to 1.9.1, and Vault prior to 1.0.1 allow remote malicious users to obtain sensitive information via a crafted HTTP request.
Tibco Slingshot 1.8.1
Tibco Slingshot 1.8.0
Tibco Slingshot 1.7.0
Tibco Slingshot
Tibco Vault
Tibco Managed File Transfer Command Center 6.7
Tibco Managed File Transfer Command Center
Tibco Managed File Transfer Command Center 7.0.1
Tibco Managed File Transfer Command Center 7.2.0
Tibco Managed File Transfer Command Center 7.1.0
Tibco Managed File Transfer Command Center 7.0
Tibco Managed File Transfer Internet Server 7.2.0
Tibco Managed File Transfer Internet Server 7.1.0
Tibco Managed File Transfer Internet Server 7.0
Tibco Managed File Transfer Internet Server
Tibco Managed File Transfer Internet Server 7.0.1
Tibco Managed File Transfer Internet Server 6.7
NA
CVE-2024-2660
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
4.3
CVSSv2
CVE-2021-29653
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
5
CVSSv2
CVE-2021-27400
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.
NA
CVE-2024-2048
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could...
7.5
CVSSv2
CVE-2021-30476
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
3.5
CVSSv2
CVE-2021-41810
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable.
M-Files Server
5
CVSSv2
CVE-2021-32074
HashiCorp vault-action (aka Vault GitHub Action) prior to 2.2.0 allows malicious users to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.