RSS   Vulnerabilities for 'Vagrant vmware fusion'   RSS

2018-03-29
 
CVE-2017-16839

CWE-255
 

 
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.

 
2017-10-31
 
CVE-2017-15884

CWE-264
 

 
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

 
2017-10-19
 
CVE-2017-12579

CWE-264
 

 
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.

 
2017-08-08
 
CVE-2017-11741

CWE-254
 

 
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

 
2017-08-02
 
CVE-2017-7642

 

 
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

 

 >>> Vendor: Hashicorp 4 Products
Vagrant vmware fusion
Vagrant
Terraform
Consul


Copyright 2019, cxsecurity.com

 

Back to Top