Vulnerabilities > Hashicorp > Vault > 1.6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-08 | CVE-2023-6337 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. | 7.5 |
| 2023-09-29 | CVE-2023-3775 | Unspecified vulnerability in Hashicorp Vault A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. | 4.9 |
| 2023-09-29 | CVE-2023-5077 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. | 7.5 |
| 2023-09-15 | CVE-2023-4680 | Improper Input Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. | 6.8 |
| 2023-06-09 | CVE-2023-2121 | Cross-site Scripting vulnerability in Hashicorp Vault Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. | 5.4 |
| 2023-03-30 | CVE-2023-0620 | SQL Injection vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. | 6.7 |
| 2023-03-30 | CVE-2023-0665 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. | 6.5 |
| 2023-03-30 | CVE-2023-25000 | Information Exposure Through Discrepancy vulnerability in Hashicorp Vault HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. | 4.7 |
| 2023-03-11 | CVE-2023-24999 | Incorrect Authorization vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. | 8.1 |
| 2022-10-12 | CVE-2022-41316 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. | 5.3 |