This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Vmware First view 2017-06-07
Product Esxi Last view 2019-10-10
Version 6.5 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:vmware:esxi

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2019-10-10 CVE-2019-5527

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

5.3 2019-07-11 CVE-2019-5528

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.

6.5 2018-12-04 CVE-2018-6982

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.

8.8 2018-12-04 CVE-2018-6981

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.

6.5 2018-10-09 CVE-2018-6977

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

8.1 2018-07-09 CVE-2018-6967

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966.

8.1 2018-07-09 CVE-2018-6966

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967.

8.1 2018-07-09 CVE-2018-6965

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967.

7.5 2017-12-20 CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

6.1 2017-12-20 CVE-2017-4940

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

7.5 2017-12-20 CVE-2017-4933

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

5.5 2017-09-15 CVE-2017-4925

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

8.8 2017-09-15 CVE-2017-4924

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

5.5 2017-06-07 CVE-2017-4905

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.

8.8 2017-06-07 CVE-2017-4904

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.

8.8 2017-06-07 CVE-2017-4903

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.

8.8 2017-06-07 CVE-2017-4902

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

CWE : Common Weakness Enumeration

%idName
37% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (3) CWE-125 Out-of-bounds Read
12% (2) CWE-200 Information Exposure
6% (1) CWE-787 Out-of-bounds Write
6% (1) CWE-749 Exposed Dangerous Method or Function
6% (1) CWE-476 NULL Pointer Dereference
6% (1) CWE-416 Use After Free
6% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

id Description
2018-11-12 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2018_0027.nasl - Type: ACT_GATHER_INFO
2017-12-29 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2017_0021.nasl - Type: ACT_GATHER_INFO
2017-09-21 Name: A virtualization application installed on the remote Windows host is affected...
File: vmware_workstation_win_vmsa_2017_0015.nasl - Type: ACT_GATHER_INFO
2017-09-21 Name: A virtualization application installed on the remote Linux host is affected b...
File: vmware_workstation_linux_vmsa_2017_0015.nasl - Type: ACT_GATHER_INFO
2017-09-21 Name: The remote VMware ESXi 6.5 host is affected by multiple vulnerabilities.
File: vmware_esxi_6_5_build_5969300_remote.nasl - Type: ACT_GATHER_INFO
2017-09-21 Name: The remote VMware ESXi 5.5 host is affected by an RPC NULL pointer dereferenc...
File: vmware_esxi_5_5_build_6480267_remote.nasl - Type: ACT_GATHER_INFO
2017-09-21 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2017_0015__8_5_8.nasl - Type: ACT_GATHER_INFO
2017-09-21 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2017_0015__8_5_4.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote VMware ESXi host is missing one or more security-related patches.
File: vmware_VMSA-2017-0015.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote VMware ESXi 6.0 host is affected by multiple vulnerabilities.
File: vmware_esxi_6_0_build_5485776_remote.nasl - Type: ACT_GATHER_INFO
2017-03-31 Name: The remote VMware ESXi 6.5 host is affected by multiple vulnerabilities.
File: vmware_esxi_6_5_build_5224529_remote.nasl - Type: ACT_GATHER_INFO
2017-03-31 Name: The remote VMware ESXi 6.0 host is affected by multiple vulnerabilities.
File: vmware_esxi_6_0_build_5251621_remote.nasl - Type: ACT_GATHER_INFO
2017-03-31 Name: The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File: vmware_esxi_5_5_build_5230635_remote.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: A virtualization application installed on the remote Windows host is affected...
File: vmware_workstation_win_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: A virtualization application installed on the remote Linux host is affected b...
File: vmware_workstation_linux_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote VMware ESXi host is missing one or more security-related patches.
File: vmware_VMSA-2017-0006.nasl - Type: ACT_GATHER_INFO