CVE-2024-2660

MEDIUM Year: 2024
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-636
View all →

Vulnerability Description

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

Related Vulnerabilities

CVE-2021-3614

MEDIUM
CVSS:6.8(Medium)

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo V...

CWE-6362021

CVE-2024-8185

HIGH
CVSS:7.5(High)

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster joi...

CWE-6362024

CVE-2023-22943

MEDIUM
CVSS:5.3(Medium)

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HT...

CWE-6362023

CVE-2023-4030

HIGH
CVSS:7.8(High)

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

CWE-6362023

CVE-2021-1578

HIGH
CVSS:8.8(High)

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, ...

CWE-6362021