Hashicorp Vagrant Vmware Fusion — known CVE vulnerabilities
Every CVE whose affected-product data names Hashicorp Vagrant Vmware Fusion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2017-11741 — CVSS 8.8 (high): HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows…
CVE-2017-12579 — CVSS 7.8 (high): An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a…
CVE-2017-16512 — CVSS 7.8 (high): The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted…
CVE-2017-16873 — CVSS 7.8 (high): It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to…
CVE-2017-7642 — CVSS 7.8 (high): The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root…
CVE-2017-15884 — CVSS 7.0 (high): In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin…
CVE-2017-16839 — CVSS 7.0 (high): Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.