CVE-2018-9057
https://notcve.org/view.php?id=CVE-2018-9057
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
• https://github.com/terraform-providers/terraform-provider-aws/pull/3934
• CWE-332: Insufficient Entropy in PRNG
CVE-2017-16777 – Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. Hashicorp vagrant-vmware-fusion version 5.0.3 suffers from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/43219
• https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html
• CWE-427: Uncontrolled Search Path Element
CVE-2017-16001 – Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16001
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Hashicorp vagrant-vmware-fusion version 5.0.1 suffers from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/43220
• https://m4.rkw.io/blog/cve201716001-local-root-privesc-in-hashicorp-vagrantvmwarefusion-501.html
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-15884 – Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-15884
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Hashicorp vagrant-vmware-fusion version 5.0.0 suffers from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/43222
• https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-12579 – Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-12579
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. Hashicorp vagrant-vmware-fusion versions 4.0.24 and below suffer from a local privilege escalation vulnerability. This is the same issue that affected the last version but the vendor failed to properly address the issue.
• https://www.exploit-db.com/exploits/43223
• https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html
• CWE-427: Uncontrolled Search Path Element