Mark Wadham

Name of the Vulnerable Software and Affected Versions: Charles Proxy versions prior to 4.2.1 Description: A race condition exists in the Charles Proxy Settings suid binary, allowing local users to gain privileges through vectors involving the --self-repair option. Recommendations: For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the --self-repair option until a patch is available. Restrict access to the Charles Proxy Settings suid binary to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Arq versions 5.x before 5.10 **Description** The issue allows local users to gain root privileges via a crafted data packet, affecting several helper apps in Arq, including arq updater, arqcommitter, standardrestorer, arqglacierrestorer, and arqs3glacierrestorer. **Recommendations** For Arq versions 5.x before 5.10, update to version 5.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) version 5.0.3 **Description** A local attacker can exploit the issue to escalate to root by creating a fake application directory and exploiting the suid sudo helper, given that HashiCorp Vagrant VMware Fusion plugin is installed but VMware Fusion is not. **Recommendations** For HashiCorp Vagrant VMware Fusion plugin version 5.0.3, consider uninstalling the plugin if VMware Fusion is not installed to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Sera version 1.2 **Description** The issue allows for trivial privilege escalation and exposes user and system keychains to local attacks because it stores the user's login password in plain text in their home directory. **Recommendations** For Sera version 1.2, consider removing or securing the plain text password storage to prevent local attacks and privilege escalation. As a temporary workaround, restrict access to the home directory where the password is stored to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) versions 4.0.24 and earlier **Description** The issue is related to an insecure suid wrapper binary, which allows a non-root user to obtain a root shell. **Recommendations** For HashiCorp Vagrant VMware Fusion plugin versions 4.0.24 and earlier, update to a version later than 4.0.24 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HashiCorp Vagrant VMware Fusion plugin versions prior to 4.0.24 **Description** The issue allows local users to execute arbitrary code with root privileges by overwriting one of the scripts due to weak permissions for the sudo helper scripts. **Recommendations** For versions prior to 4.0.24, update to version 4.0.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HashiCorp Vagrant VMware Fusion plugin versions prior to 4.0.21 **Description** The issue allows local users to gain root privileges due to the failure to verify the path to the encoded ruby script or scrub the PATH variable in the sudo helper of the HashiCorp Vagrant VMware Fusion plugin. **Recommendations** For versions prior to 4.0.21, update to version 4.0.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Proxifier for Mac versions prior to 2.19.2 **Description** The issue allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program when Proxifier for Mac is run for the first time. **Recommendations** For versions prior to 2.19.2, update to version 2.19.2 or later to resolve the issue.