VYPR

Esxi

by VMware

CVEs (139)

  • CVE-2009-2267Nov 2, 2009
    risk 0.03cvss epss 0.02

    VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi…

  • CVE-2018-6981Dec 4, 2018
    risk 0.01cvss epss 0.01

    VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack…

  • CVE-2024-37086Jun 25, 2024
    risk 0.00cvss epss 0.00

    VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.

  • CVE-2024-22273May 21, 2024
    risk 0.00cvss epss 0.00

    The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the…

  • CVE-2024-22255Mar 5, 2024
    risk 0.00cvss epss 0.02

    VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.  

  • CVE-2024-22254Mar 5, 2024
    risk 0.00cvss epss 0.01

    VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

  • CVE-2024-22253Mar 5, 2024
    risk 0.00cvss epss 0.01

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.…

  • CVE-2024-22252Mar 5, 2024
    risk 0.00cvss epss 0.04

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.…

  • CVE-2022-31705Dec 14, 2022
    risk 0.00cvss epss 0.02

    VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running…

  • CVE-2022-31699Dec 13, 2022
    risk 0.00cvss epss 0.00

    VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

  • CVE-2022-31696Dec 13, 2022
    risk 0.00cvss epss 0.00

    VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

  • CVE-2022-31681Oct 7, 2022
    risk 0.00cvss epss 0.00

    VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

  • CVE-2021-22050Feb 16, 2022
    risk 0.00cvss epss 0.02

    ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

  • CVE-2021-22043Feb 16, 2022
    risk 0.00cvss epss 0.01

    VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.

  • CVE-2021-22042Feb 16, 2022
    risk 0.00cvss epss 0.00

    VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

  • CVE-2021-22041Feb 16, 2022
    risk 0.00cvss epss 0.01

    VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

  • CVE-2021-22040Feb 16, 2022
    risk 0.00cvss epss 0.01

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

  • CVE-2021-22045Jan 4, 2022
    risk 0.00cvss epss 0.05

    VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device…

  • CVE-2020-3960Sep 15, 2021
    risk 0.00cvss epss 0.00

    VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a…

  • CVE-2021-21995Jul 13, 2021
    risk 0.00cvss epss 0.01

    OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Page 3 of 7