EUVD-2023-2597

Malicious code in bioql PyPI...

CVE-2023-4680

A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...

GHSA-V84F-6R39-CPFC HashiCorp Vault Improper Input Validation vulnerability

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

Design/Logic Flaw

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

CVE-2023-4680

CVE-2023-4680 affects HashiCorp Vault/Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...

HashiCorp Vault Input Validation Error Vulnerability

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. An input validation error vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.6.0 and later, which stems from a security flaw in the transit secrets engine that allows the transit secrets engi...