Filtered by vendor Hashicorp
Subscribe
Total
167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16512 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | |||||
| CVE-2017-11741 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. | |||||
| CVE-2017-7642 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable. | |||||
| CVE-2018-15869 | 1 Hashicorp | 1 Packer | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | |||||
| CVE-2017-16001 | 1 Hashicorp | 1 Vagrant | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||||
| CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2018-12-27 | 4.3 MEDIUM | 8.1 HIGH |
| HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | |||||
| CVE-2018-9057 | 1 Hashicorp | 1 Terraform | 2018-04-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password. | |||||