Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2017-06-07 |
| Product | Esxi | Last view | 2019-10-10 |
| Version | 6.5 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:vmware:esxi | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2019-10-10 | CVE-2019-5527 | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. |
| 5.3 | 2019-07-11 | CVE-2019-5528 | VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available. |
| 6.5 | 2018-12-04 | CVE-2018-6982 | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest. |
| 8.8 | 2018-12-04 | CVE-2018-6981 | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. |
| 6.5 | 2018-10-09 | CVE-2018-6977 | VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. |
| 8.1 | 2018-07-09 | CVE-2018-6967 | VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966. |
| 8.1 | 2018-07-09 | CVE-2018-6966 | VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967. |
| 8.1 | 2018-07-09 | CVE-2018-6965 | VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967. |
| 7.5 | 2017-12-20 | CVE-2017-4941 | VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. |
| 6.1 | 2017-12-20 | CVE-2017-4940 | The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. |
| 7.5 | 2017-12-20 | CVE-2017-4933 | VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. |
| 5.5 | 2017-09-15 | CVE-2017-4925 | VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. |
| 8.8 | 2017-09-15 | CVE-2017-4924 | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. |
| 5.5 | 2017-06-07 | CVE-2017-4905 | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. |
| 8.8 | 2017-06-07 | CVE-2017-4904 | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. |
| 8.8 | 2017-06-07 | CVE-2017-4903 | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. |
| 8.8 | 2017-06-07 | CVE-2017-4902 | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 37% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 18% (3) | CWE-125 | Out-of-bounds Read |
| 12% (2) | CWE-200 | Information Exposure |
| 6% (1) | CWE-787 | Out-of-bounds Write |
| 6% (1) | CWE-749 | Exposed Dangerous Method or Function |
| 6% (1) | CWE-476 | NULL Pointer Dereference |
| 6% (1) | CWE-416 | Use After Free |
| 6% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-11-12 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2018_0027.nasl - Type: ACT_GATHER_INFO |
| 2017-12-29 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2017_0021.nasl - Type: ACT_GATHER_INFO |
| 2017-09-21 | Name: A virtualization application installed on the remote Windows host is affected... File: vmware_workstation_win_vmsa_2017_0015.nasl - Type: ACT_GATHER_INFO |
| 2017-09-21 | Name: A virtualization application installed on the remote Linux host is affected b... File: vmware_workstation_linux_vmsa_2017_0015.nasl - Type: ACT_GATHER_INFO |
| 2017-09-21 | Name: The remote VMware ESXi 6.5 host is affected by multiple vulnerabilities. File: vmware_esxi_6_5_build_5969300_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-09-21 | Name: The remote VMware ESXi 5.5 host is affected by an RPC NULL pointer dereferenc... File: vmware_esxi_5_5_build_6480267_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-09-21 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2017_0015__8_5_8.nasl - Type: ACT_GATHER_INFO |
| 2017-09-21 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2017_0015__8_5_4.nasl - Type: ACT_GATHER_INFO |
| 2017-09-20 | Name: The remote VMware ESXi host is missing one or more security-related patches. File: vmware_VMSA-2017-0015.nasl - Type: ACT_GATHER_INFO |
| 2017-09-20 | Name: The remote VMware ESXi 6.0 host is affected by multiple vulnerabilities. File: vmware_esxi_6_0_build_5485776_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote VMware ESXi 6.5 host is affected by multiple vulnerabilities. File: vmware_esxi_6_5_build_5224529_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote VMware ESXi 6.0 host is affected by multiple vulnerabilities. File: vmware_esxi_6_0_build_5251621_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File: vmware_esxi_5_5_build_5230635_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: A virtualization application installed on the remote Windows host is affected... File: vmware_workstation_win_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: A virtualization application installed on the remote Linux host is affected b... File: vmware_workstation_linux_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote VMware ESXi host is missing one or more security-related patches. File: vmware_VMSA-2017-0006.nasl - Type: ACT_GATHER_INFO |
