hashicorp vagrant_vmware_fusion CVE Vulnerabilities (7)

CVEs: 7 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting hashicorp vagrant_vmware_fusion (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 17 of 7 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2017-16873 It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. [email protected] 7.8 0.43% 2018-03-29 2026-06-16
CVE-2017-16839 Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. [email protected] 7.0 0.33% 2018-03-29 2026-06-16
CVE-2017-16512 The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. [email protected] 7.8 0.31% 2018-03-29 2026-06-16
CVE-2017-15884 In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. [email protected] 7.0 0.90% 2017-10-31 2026-06-16
CVE-2017-12579 An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. [email protected] 7.8 1.47% 2017-10-19 2026-06-16
CVE-2017-11741 HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. [email protected] 8.8 1.11% 2017-08-08 2026-06-16
CVE-2017-7642 The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable. [email protected] 7.8 1.23% 2017-08-02 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence