Vulnerabilities > Hashicorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2019-8336 | Unspecified vulnerability in Hashicorp Consul 1.4.0/1.4.1/1.4.2 HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances. | 8.1 |
| 2018-12-05 | CVE-2018-19786 | Information Exposure Through Log Files vulnerability in Hashicorp Vault HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | 8.1 |
| 2018-03-29 | CVE-2017-16873 | Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | 7.8 |
| 2018-03-29 | CVE-2017-16839 | Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.4 Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. | 7.0 |
| 2018-03-29 | CVE-2017-16512 | Race Condition vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.2/5.0.3/5.0.4 The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | 7.8 |
| 2017-11-16 | CVE-2017-16777 | Uncontrolled Search Path Element vulnerability in Hashicorp Vagrant 5.0.3 If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. | 7.8 |
| 2017-11-06 | CVE-2017-16001 | Race Condition vulnerability in Hashicorp Vagrant 5.0.1 In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | 7.8 |
| 2017-10-31 | CVE-2017-15884 | Race Condition vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.0 In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | 7.0 |
| 2017-10-19 | CVE-2017-12579 | Uncontrolled Search Path Element vulnerability in Hashicorp Vagrant VMWare Fusion An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. | 7.8 |
| 2017-08-08 | CVE-2017-11741 | Incorrect Default Permissions vulnerability in Hashicorp Vagrant VMWare Fusion HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. | 8.8 |