Vulnerabilities > Hashicorp > Vagrant Vmware Fusion > 4.0.21

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-12579 Uncontrolled Search Path Element vulnerability in Hashicorp Vagrant VMWare Fusion
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
local
low complexity
hashicorp CWE-427
7.8
7.8
2017-08-08 CVE-2017-11741 Incorrect Default Permissions vulnerability in Hashicorp Vagrant VMWare Fusion
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
local
low complexity
hashicorp CWE-276
8.8
8.8