| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-7594 | Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default | HashiCorp | Vault | High | 7.5 | 2024-09-26 19:52:56 |
| CVE-2024-8365 | Vault Leaks AppRole Client Tokens And Accessor in Audit Log | HashiCorp | Vault | Medium | 6.2 | 2024-09-02 01:30:57 |
| CVE-2024-6468 | Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior | HashiCorp | Vault | High | 7.5 | 2024-07-11 20:40:12 |
| CVE-2024-5798 | Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims | HashiCorp | Vault | Low | 2.6 | 2024-06-12 18:55:25 |
| CVE-2024-2877 | Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node | HashiCorp | Vault Enterprise | Medium | 5.5 | 2024-04-30 14:58:10 |
| CVE-2024-2660 | Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses | HashiCorp | Vault | Medium | 6.4 | 2024-04-04 17:55:20 |
| CVE-2024-2048 | Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates | HashiCorp | Vault | High | 8.1 | 2024-03-04 19:56:47 |
| CVE-2024-0831 | Vault May Expose Sensitive Information When Configuring An Audit Log Device | HashiCorp | Vault | Medium | 4.5 | 2024-02-01 01:41:34 |
| CVE-2023-6337 | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests | HashiCorp | Vault | High | 7.5 | 2023-12-08 21:12:32 |
| CVE-2023-5954 | Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption | HashiCorp | Vault | Medium | 5.9 | 2023-11-09 20:13:49 |
| CVE-2023-5077 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets | HashiCorp | Vault | High | 7.6 | 2023-09-28 23:24:29 |
| CVE-2023-3775 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service | HashiCorp | Vault Enterprise | Medium | 4.2 | 2023-09-28 23:17:24 |
| CVE-2023-4680 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | HashiCorp | Vault | Medium | 6.8 | 2023-09-14 23:06:25 |
| CVE-2023-3462 | Vault's LDAP Auth Method Allows for User Enumeration | HashiCorp | Vault | Medium | 5.3 | 2023-07-31 22:40:23 |
| CVE-2023-3774 | Vault Enterprise Namespace Creation May Lead to Denial of Service | HashiCorp | Vault Enterprise | Medium | 4.9 | 2023-07-28 00:45:04 |
| CVE-2023-2121 | Vault’s KV Diff Viewer Allowed for HTML Injection | HashiCorp | Vault | Medium | 4.3 | 2023-06-09 16:59:49 |
| CVE-2023-2197 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM | HashiCorp | Vault Enterprise | Low | 2.5 | 2023-05-01 19:41:18 |
| CVE-2023-0620 | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend | HashiCorp | Vault | Medium | 6.5 | 2023-03-30 00:28:13 |
| CVE-2023-0665 | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata | HashiCorp | Vault | Medium | 6.5 | 2023-03-30 00:21:48 |
| CVE-2023-25000 | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations | HashiCorp | Vault | Medium | 5.0 | 2023-03-30 00:17:46 |