43 matches found
EUVD-2017-16647
Malware in sbrugna...
EUVD-2017-7956
Malware in sbrugna...
EUVD-2017-4151
Malware in sbrugna...
EUVD-2017-8013
Malware in sbrugna...
EUVD-2017-3351
Malware in sbrugna...
EUVD-2017-7417
Malware in sbrugna...
EUVD-2025-19756
Malicious code in bioql PyPI...
EUVD-2023-2640
Malicious code in bioql PyPI...
HashiCorp Vagrant Installed (macOS)
Binary data macosvagrantinstalled.nbin...
HashiCorp Vagrant 2.2.10 < 2.4.7 Code Injection (macOS)
The version of HashiCorp Vagrant installed on the remote host is 2.2.10 prior to 2.4.7. It is, therefore, is affected by a code injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 8090...
SUSE CVE-2025-34075
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host's Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does...
HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...
GHSA-HQP6-MJW3-F586 HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...
CVE-2025-34075
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended...
CVE-2025-34075
...
CVE-2025-34075
CVE-2025-34075 entry is labeled rejected/withdrawn by the CNA. Connected docs describe a guest-to-host code-execution vector in HashiCorp Vagrant via the default synced-folder Vagrantfile exposure: Vagrant mounts the host project directory (including Vagrantfile) into the guest, and an attacker w...
CVE-2025-34075
...
HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...
CVE-2023-5834
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...
Vagrant Security Vulnerabilities
Vagrant is a command line utility for managing the lifecycle of virtual machines. Isolates dependencies and their configurations in a single disposable and consistent environment. A security vulnerability exists in HashiCorp Vagrant versions prior to 2.4.0 that stems from the presence of...