Skip to main content

Eve

4 CVEs product

Monthly

CVE-2023-43637 Go HIGH PATCH This Week

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-43634 Go HIGH PATCH This Week

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43633 Go HIGH PATCH This Week

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2018-8097 PyPI CRITICAL PATCH Act Now

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection RCE Eve
NVD GitHub
CVSS 3.0
9.8
EPSS
5.7%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection RCE Eve
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy