CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28156 – Gentoo Linux Security Advisory 202208-09
https://notcve.org/view.php?id=CVE-2021-28156
20 Apr 2021 — HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. El registro de auditoría de HashiCorp Consul Enterprise versión 1.8.0 hasta 1.9.4 puede ser omitido por eventos HTTP específicamente diseñados. Corregido en versiones 1.9.5 y 1.8.10 Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 are affected. • https://discuss.hashicorp.com/t/hcsec-2021-08-consul-enterprise-audit-log-bypass-for-http-events/23369 •
CVSS: 6.1EPSS: 84%CPEs: 6EXPL: 0CVE-2020-25864 – Gentoo Linux Security Advisory 202208-09
https://notcve.org/view.php?id=CVE-2020-25864
20 Apr 2021 — HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. El modo sin procesar de HashiCorp Consul y Consul Enterprise hasta versión 1.9.4, key-value (KV) era vulnerable a un ataque de tipo cross-site scripting. Corregido en versiones 1.9.5, 1.8.10 y 1.7.14 Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 ar... • https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3121 – gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
https://notcve.org/view.php?id=CVE-2021-3121
11 Jan 2021 — An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. Se detectó un problema en GoGo Protobuf versiones anteriores a 1.3.2. El archivo plugin/unmarshal/unmarshal.go carece de determinada comprobación de índice, también se conoce como el problema "skippy peanut butter" A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects... • https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 • CWE-129: Improper Validation of Array Index •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28053 – Gentoo Linux Security Advisory 202208-09
https://notcve.org/view.php?id=CVE-2020-28053
23 Nov 2020 — HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. HashiCorp Consul y Consul Enterprise versiones 1.2.0 hasta 1.8.5, permitieron a operadores con operador: leer unos permisos ACL para leer la configuración de la clave privada de Connect CA. Corregido en versiones 1.6.10, 1.7.10 y 1.8.6 Multiple vulnerabilities have been discovered in HashiCorp Consul, the wors... • https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25201 – Gentoo Linux Security Advisory 202208-09
https://notcve.org/view.php?id=CVE-2020-25201
04 Nov 2020 — HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. HashiCorp Consul Enterprise versiones 1.7.0 hasta 1.8.4, incluye un error de replicación de espacio de nombres que puede ser activado para causar una denegación de servicio por medio de escrituras Raft infinitas. Corregido en versiones 1.7.9 y 1.8.5 Multiple vulnerabilities have been discovered in HashiCorp Consu... • https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020 •