Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vault vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-35192
The official vault docker images prior to 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank password.
Hashicorp Vault
10
CVSSv2
CVE-2004-2777
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet200...
Gehealthcare Centricity Image Vault Firmware
10
CVSSv2
CVE-2010-4449
Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not co...
Oracle Audit Vault 10.2.3.2
9
CVSSv2
CVE-2021-43837
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions prior to 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the res...
Vault-cli Project Vault-cli
7.8
CVSSv2
CVE-2015-8773
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows malicious users to cause a denial of service (system crash) via a long vault GUID in an ioctl call.
Mcafee File Lock 5.0
7.5
CVSSv2
CVE-2021-30476
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
7.5
CVSSv2
CVE-2020-16250
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
Hashicorp Vault
1 Github repository
7.5
CVSSv2
CVE-2020-16251
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
Hashicorp Vault
7.5
CVSSv2
CVE-2020-12757
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being vali...
Hashicorp Vault
7.5
CVSSv2
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote malicious users to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Cyberark Enterprise Password Vault
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »