This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Vmware First view 2008-11-10
Product Esxi Last view 2020-12-21
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:o:vmware:esxi

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2020-12-21 CVE-2020-3999

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

8.8 2019-10-10 CVE-2019-5527

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

8.8 2018-10-16 CVE-2018-6974

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

6.5 2018-07-25 CVE-2018-6972

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

9.3 2008-11-10 CVE-2008-4281

Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.

CWE : Common Weakness Enumeration

40% (2) CWE-476 NULL Pointer Dereference
20% (1) CWE-416 Use After Free
20% (1) CWE-125 Out-of-bounds Read
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Open Source Vulnerability Database (OSVDB)

id Description
49947 VMware ESX / ESXi Datastore.FileManagement Unspecified Traversal Privilege Es...

Nessus® Vulnerability Scanner

id Description
2018-10-26 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2018_0026.nasl - Type: ACT_GATHER_INFO
2009-07-27 Name: The remote VMware ESXi / ESX host is missing a security-related patch.
File: vmware_VMSA-2008-0018.nasl - Type: ACT_GATHER_INFO