Filtered by vendor Hashicorp
Subscribe
Total
147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15869 | 1 Hashicorp | 1 Packer | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | |||||
| CVE-2017-16873 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | |||||
| CVE-2017-16839 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. | |||||
| CVE-2017-16512 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | |||||
| CVE-2024-10228 | 1 Hashicorp | 1 Vagrant Vmware Utility | 2024-11-07 | N/A | 3.3 LOW |
| The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 | |||||
| CVE-2024-9180 | 1 Hashicorp | 1 Vault | 2024-10-18 | N/A | 7.2 HIGH |
| A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | |||||
| CVE-2024-8365 | 1 Hashicorp | 1 Vault | 2024-09-04 | N/A | 6.5 MEDIUM |
| Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | |||||