vault vulnerabilities and exploits
NA
CVE-2021-31452021
Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.
2.7
CVSSv3
CVE-2021-35576
Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with netwo...
Oracle Database Server 12.1.0.2
Oracle Database Server 12.2.0.1
Oracle Database Server 19c
1 Github repository
NA
CVE-2014-2545
TIBCO Managed File Transfer Internet Server prior to 7.2.2, Managed File Transfer Command Center prior to 7.2.2, Slingshot prior to 1.9.1, and Vault prior to 1.0.1 allow remote malicious users to obtain sensitive information via a crafted HTTP request.
Tibco Slingshot 1.8.1
Tibco Slingshot 1.8.0
Tibco Slingshot 1.7.0
Tibco Slingshot
Tibco Vault
Tibco Managed File Transfer Command Center 6.7
Tibco Managed File Transfer Command Center
Tibco Managed File Transfer Command Center 7.0.1
Tibco Managed File Transfer Command Center 7.2.0
Tibco Managed File Transfer Command Center 7.1.0
Tibco Managed File Transfer Command Center 7.0
Tibco Managed File Transfer Internet Server 7.2.0
Tibco Managed File Transfer Internet Server 7.1.0
Tibco Managed File Transfer Internet Server 7.0
Tibco Managed File Transfer Internet Server
Tibco Managed File Transfer Internet Server 7.0.1
Tibco Managed File Transfer Internet Server 6.7
NA
CVE-2024-2660
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
7.5
CVSSv3
CVE-2021-29653
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
7.5
CVSSv3
CVE-2021-27400
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.
NA
CVE-2024-2048
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could...
9.8
CVSSv3
CVE-2021-30476
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
4.8
CVSSv3
CVE-2021-41810
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable.
M-files Server
5.5
CVSSv3
CVE-2014-4658
The vault subsystem in Ansible prior to 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Redhat Ansible