Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Hashicorp Subscribe
Filtered by product Vagrant Vmware Fusion
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11741 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 7.2 HIGH 8.8 HIGH
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVE-2017-12579 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 7.2 HIGH 7.8 HIGH
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVE-2017-15884 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 6.9 MEDIUM 7.0 HIGH
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2017-16512 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 7.2 HIGH 7.8 HIGH
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
CVE-2017-16839 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 6.9 MEDIUM 7.0 HIGH
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
CVE-2017-16873 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 7.2 HIGH 7.8 HIGH
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.
CVE-2017-7642 1 Hashicorp 1 Vagrant Vmware Fusion 2019-10-02 7.2 HIGH 7.8 HIGH
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.