Skip to main content

ESXi

104 CVEs product

Monthly

CVE-2025-25058 LOW Monitor

Ethernet 800-Serie versions up to 2.2.2.0 contains a vulnerability that allows attackers to an information disclosure (CVSS 3.3).

Linux ESXi Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22226 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Information Disclosure Buffer Overflow VMware ESXi Cloud Foundation +4
NVD
CVSS 3.1
7.1
EPSS
6.8%
CVE-2025-22225 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel.

Memory Corruption Buffer Overflow VMware ESXi Cloud Foundation +2
NVD
CVSS 3.1
8.2
EPSS
7.9%
CVE-2025-22224 CRITICAL KEV THREAT CERT-EU Emergency

VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host.

Buffer Overflow VMware ESXi Cloud Foundation Telco Cloud Infrastructure +2
NVD
CVSS 3.1
9.3
EPSS
52.7%
CVE-2024-37086 MEDIUM This Month

VMware ESXi contains an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Cloud Foundation ESXi
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-22273 HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Denial Of Service Cloud Foundation +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22255 HIGH This Week

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Denial Of Service Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2024-22254 HIGH This Week

VMware ESXi contains an out-of-bounds write vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption Cloud Foundation ESXi
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-22253 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Cloud Foundation +3
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-22252 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Workstation +2
NVD
CVSS 3.1
6.7
EPSS
3.5%
CVE-2023-29552 HIGH POC KEV THREAT This Week

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smi S Provider Manager Server Linux Enterprise Server ESXi +1
NVD GitHub
CVSS 3.1
7.5
EPSS
65.9%
CVE-2022-31705 HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware Buffer Overflow Workstation +2
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-31699 LOW Monitor

VMware ESXi contains a heap-overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure VMware Buffer Overflow Cloud Foundation +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-31696 HIGH PATCH This Week

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption VMware Buffer Overflow Cloud Foundation ESXi
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-31681 MEDIUM PATCH This Month

VMware ESXi contains a null-pointer deference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

VMware Null Pointer Dereference Denial Of Service Cloud Foundation ESXi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-23825 MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Fedora Athlon X4 750 Firmware +123
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29901 MEDIUM This Month

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Information Disclosure Core I7 6500U Firmware Core I7 6510U Firmware +127
NVD
CVSS 3.1
6.5
EPSS
4.9%
CVE-2022-21166 MEDIUM PATCH This Month

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
5.9%
CVE-2022-21125 MEDIUM PATCH This Month

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
6.5%
CVE-2022-21123 MEDIUM PATCH This Month

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
6.3%
CVE-2021-21995 HIGH This Week

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Cloud Foundation ESXi
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21994 CRITICAL Act Now

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Foundation ESXi
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-3999 MEDIUM PATCH This Month

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation ESXi Fusion
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-4005 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Cloud Foundation ESXi
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4004 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption VMware Fusion +3
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-3995 MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi Cloud Foundation Workstation +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3992 CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption VMware Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
83.0%
CVE-2020-3982 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-3981 MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure Cloud Foundation Workstation +2
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-3976 MEDIUM PATCH This Month

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service VMware Cloud Foundation Vcenter Server ESXi
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-3971 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3970 LOW Monitor

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Information Disclosure Cloud Foundation +3
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-3968 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-3967 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-3966 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-3965 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-3964 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3963 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3962 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-3969 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-3959 LOW Monitor

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion Workstation ESXi
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-3958 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion Workstation ESXi
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-3955 CRITICAL PATCH Act Now

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware ESXi
NVD
CVSS 3.1
9.3
EPSS
1.3%
CVE-2019-5544 CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware Memory Corruption Horizon Daas ESXi +14
NVD
CVSS 3.1
9.8
EPSS
96.8%
CVE-2019-5536 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion Workstation ESXi
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-5527 HIGH This Week

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware Information Disclosure Memory Corruption Horizon +4
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-5521 CRITICAL Act Now

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2019-5531 MEDIUM This Month

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure ESXi Vsphere Esxi Vcenter Server
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-5528 MEDIUM PATCH This Month

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service VMware ESXi
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-5520 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-5517 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
1.1%
CVE-2019-5516 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
1.7%
CVE-2019-5519 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion Workstation ESXi
NVD
CVSS 3.0
6.8
EPSS
1.0%
CVE-2019-5518 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2018-6982 MEDIUM This Month

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion ESXi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-6981 HIGH This Week

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion ESXi
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-6974 HIGH PATCH This Week

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

VMware Information Disclosure Buffer Overflow Workstation Fusion +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-6977 MEDIUM This Month

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware ESXi Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-6972 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service VMware Workstation Fusion +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-6967 HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow Fusion Workstation +1
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-6966 HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow Fusion Workstation +1
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-6965 HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow Workstation ESXi +1
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2017-5753 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.

Authentication Bypass Atom C Atom E Atom X3 Atom X5 E3930 +304
NVD Exploit-DB VulDB
CVSS 3.1
5.6
EPSS
94.3%
Threat
5.4
CVE-2017-4941 HIGH PATCH This Week

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE VMware Fusion Workstation +1
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2017-4940 MEDIUM This Month

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware ESXi
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-4933 HIGH This Week

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware RCE Workstation Pro +2
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2017-16544 HIGH POC PATCH This Week

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Busybox Debian Linux ESXi +3
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2017-4925 MEDIUM This Month

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service VMware ESXi Workstation +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-4924 HIGH POC This Week

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption VMware Fusion Workstation Pro +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-4905 MEDIUM POC PATCH This Month

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

VMware Information Disclosure Fusion Fusion Pro Workstation Player +2
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.4%
CVE-2017-4904 HIGH This Week

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service VMware Fusion Fusion Pro +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-4903 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-4902 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-7463 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS VMware ESXi
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5331 MEDIUM PATCH This Month

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Code Injection Vcenter Server ESXi
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5330 HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player Workstation Pro ESXi +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
25.5%
CVE-2015-6933 MEDIUM PATCH This Month

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

VMware Authentication Bypass Denial Of Service Buffer Overflow Microsoft +4
NVD
CVSS 3.0
6.3
EPSS
1.8%
CVE-2015-1044 LOW PATCH Monitor

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation ESXi Player
NVD
CVSS 2.0
3.3
EPSS
0.3%
CVE-2014-8370 MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware Player Fusion +2
NVD
CVSS 2.0
6.4
EPSS
1.2%
CVE-2014-4241 MEDIUM This Month

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Vcenter Server Vcenter Server Appliance ESXi +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-3793 MEDIUM This Month

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft Fusion Player +2
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1208 LOW Monitor

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service ESXi Fusion Player +2
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-1207 MEDIUM This Month

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service ESXi Esx
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-5973 MEDIUM This Month

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation VMware Esx ESXi
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-3519 HIGH This Week

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation VMware Microsoft ESXi Workstation +3
NVD
CVSS 2.0
7.9
EPSS
0.2%
CVE-2013-5970 HIGH This Week

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx ESXi
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2013-3658 CRITICAL Act Now

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Esx ESXi
NVD
CVSS 2.0
9.4
EPSS
0.6%
CVE-2013-3657 HIGH This Week

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Esx +1
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2013-1661 MEDIUM This Month

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx ESXi
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1659 HIGH This Week

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Vcenter Server +2
NVD
CVSS 2.0
7.6
EPSS
0.9%
EPSS 0% CVSS 3.3
LOW Monitor

Ethernet 800-Serie versions up to 2.2.2.0 contains a vulnerability that allows attackers to an information disclosure (CVSS 3.3).

Linux ESXi Information Disclosure
NVD
EPSS 7% CVSS 7.1
HIGH KEV THREAT Act Now

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Information Disclosure Buffer Overflow VMware +6
NVD
EPSS 8% CVSS 8.2
HIGH KEV THREAT Act Now

VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel.

Memory Corruption Buffer Overflow VMware +4
NVD
EPSS 53% CVSS 9.3
CRITICAL KEV THREAT Emergency

VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host.

Buffer Overflow VMware ESXi +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

VMware ESXi contains an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +5
NVD
EPSS 2% CVSS 7.1
HIGH This Week

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Denial Of Service +4
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi contains an out-of-bounds write vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption +2
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE +5
NVD
EPSS 4% CVSS 6.7
MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE +4
NVD
EPSS 66% CVSS 7.5
HIGH POC KEV THREAT This Week

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smi S Provider Manager Server +3
NVD GitHub
EPSS 2% CVSS 8.2
HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware ESXi contains a heap-overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure VMware +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption VMware Buffer Overflow +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

VMware ESXi contains a null-pointer deference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

VMware Null Pointer Dereference Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +125
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Information Disclosure +129
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +6
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +6
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Foundation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Cloud Foundation +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi +3
NVD
EPSS 83% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +3
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi +4
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure +4
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service VMware Cloud Foundation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 3.8
LOW Monitor

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +5
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware +4
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure +4
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation +3
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion +2
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware ESXi
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware Memory Corruption +16
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware Information Disclosure +6
NVD
EPSS 2% CVSS 9.6
CRITICAL Act Now

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure ESXi +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service VMware ESXi
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware ESXi +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service VMware +3
NVD
EPSS 2% CVSS 8.1
HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 2% CVSS 8.1
HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 3% CVSS 8.1
HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 94% 5.4 CVSS 5.6
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.

Authentication Bypass Atom C Atom E +306
NVD Exploit-DB VulDB
EPSS 5% CVSS 8.8
HIGH PATCH This Week

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE VMware +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware ESXi
NVD
EPSS 7% CVSS 8.8
HIGH This Week

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Busybox +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service VMware +4
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption VMware +3
NVD
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

VMware Information Disclosure Fusion +4
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service VMware +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player +4
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS VMware ESXi
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Code Injection Vcenter Server +1
NVD
EPSS 25% CVSS 7.8
HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player +4
NVD Exploit-DB
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

VMware Authentication Bypass Denial Of Service +6
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation +2
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Vcenter Server +3
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service ESXi +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service ESXi +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation VMware Esx +1
NVD
EPSS 0% CVSS 7.9
HIGH This Week

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation VMware Microsoft +5
NVD
EPSS 1% CVSS 7.1
HIGH This Week

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx +1
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Esx +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx +1
NVD
EPSS 1% CVSS 7.6
HIGH This Week

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service +4
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy