cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10228,https://securityvulnerability.io/vulnerability/CVE-2024-10228,Vagrant Vulnerability Allows Unauthorized File System Writes,"The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23",Hashicorp,Vagrant,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-29T22:15:00.000Z,0
CVE-2023-5834,https://securityvulnerability.io/vulnerability/CVE-2023-5834,Vagrant’s Windows Installer Allowed Directory Junction Write,"HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.",Hashicorp,Vagrant,3.8,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-27T22:15:00.000Z,0
CVE-2022-42717,https://securityvulnerability.io/vulnerability/CVE-2022-42717,Local Privilege Escalation Vulnerability in Hashicorp Packer on Linux,"An issue in Hashicorp Packer prior to version 2.3.1 allows local privilege escalation through an insecure sudoers configuration for Vagrant on Linux. When a host is set up according to the recommended documentation, non-privileged users may exploit a wildcard in the sudoers file to execute arbitrary commands as the root user. This vulnerability underscores the need for careful review of the sudoers configuration to prevent unauthorized access and control.",Hashicorp,Vagrant,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-11T23:15:00.000Z,0
CVE-2017-16873,https://securityvulnerability.io/vulnerability/CVE-2017-16873,,It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.,Hashicorp,Vagrant Vmware Fusion,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-03-29T22:00:00.000Z,0
CVE-2017-16512,https://securityvulnerability.io/vulnerability/CVE-2017-16512,,The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.,Hashicorp,Vagrant Vmware Fusion,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-03-29T22:00:00.000Z,0
CVE-2017-16839,https://securityvulnerability.io/vulnerability/CVE-2017-16839,,Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.,Hashicorp,Vagrant Vmware Fusion,7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-03-29T22:00:00.000Z,0
CVE-2017-16777,https://securityvulnerability.io/vulnerability/CVE-2017-16777,,"If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.",Hashicorp,Vagrant,7.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-11-16T15:00:00.000Z,0
CVE-2017-16001,https://securityvulnerability.io/vulnerability/CVE-2017-16001,,"In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.",Hashicorp,Vagrant,7.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-11-06T17:00:00.000Z,0
CVE-2017-15884,https://securityvulnerability.io/vulnerability/CVE-2017-15884,,"In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.",Hashicorp,Vagrant Vmware Fusion,7,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-10-31T18:00:00.000Z,0
CVE-2017-12579,https://securityvulnerability.io/vulnerability/CVE-2017-12579,,An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.,Hashicorp,Vagrant Vmware Fusion,7.8,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2017-10-19T13:00:00.000Z,0
CVE-2017-11741,https://securityvulnerability.io/vulnerability/CVE-2017-11741,,"HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.",Hashicorp,Vagrant Vmware Fusion,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2017-08-08T19:00:00.000Z,0
CVE-2017-7642,https://securityvulnerability.io/vulnerability/CVE-2017-7642,,The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.,Hashicorp,Vagrant Vmware Fusion,7.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-08-02T19:00:00.000Z,0