Summary
Detail | |||
---|---|---|---|
Vendor | VMware | First view | 2008-11-10 |
Product | ESXi | Last view | 2020-12-21 |
Version | * | Type | OS |
Update | * | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:vmware:esxi |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.5 | 2020-12-21 | CVE-2020-3999 | VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. |
8.8 | 2019-10-10 | CVE-2019-5527 | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. |
8.8 | 2018-10-16 | CVE-2018-6974 | VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. |
6.5 | 2018-07-25 | CVE-2018-6972 | VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. |
9.3 | 2008-11-10 | CVE-2008-4281 | Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-476 | NULL Pointer Dereference |
20% (1) | CWE-416 | Use After Free |
20% (1) | CWE-125 | Out-of-bounds Read |
20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
49947 | VMware ESX / ESXi Datastore.FileManagement Unspecified Traversal Privilege Es... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-10-26 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2018_0026.nasl - Type: ACT_GATHER_INFO |
2009-07-27 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2008-0018.nasl - Type: ACT_GATHER_INFO |