Filtered by vendor Hashicorp
Subscribe
Total
143 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7642 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable. | |||||
CVE-2017-12579 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. | |||||
CVE-2017-16777 | 1 Hashicorp | 1 Vagrant | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. |