Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Esxi
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-15 | CVE-2022-21123 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Sgx_dcap, Sgx_psw, Sgx_sdk, Esxi, Xen | 5.5 | ||
| 2022-06-15 | CVE-2022-21125 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Sgx_dcap, Sgx_psw, Sgx_sdk, Esxi, Xen | 5.5 | ||
| 2022-06-15 | CVE-2022-21166 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Sgx_dcap, Sgx_psw, Sgx_sdk, Esxi, Xen | 5.5 | ||
| 2023-04-25 | CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | Smi\-S_provider, Service_location_protocol, Linux_enterprise_server, Manager_server, Esxi | 7.5 | ||
| 2011-01-18 | CVE-2010-4263 | The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. | Linux_kernel, Esx, Esxi | N/A | ||
| 2020-06-25 | CVE-2020-3963 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. | Cloud_foundation, Esxi, Fusion, Workstation | 5.5 | ||
| 2022-12-14 | CVE-2022-31705 | VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | Esxi, Fusion, Workstation | 8.2 | ||
| 2022-12-13 | CVE-2022-31699 | VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | Cloud_foundation, Esxi | 3.3 | ||
| 2017-11-20 | CVE-2017-16544 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | Busybox, Ubuntu_linux, Debian_linux, N\-Tron_702\-W_firmware, N\-Tron_702m12\-W_firmware, Esxi | 8.8 | ||
| 2022-10-07 | CVE-2022-31681 | VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. | Cloud_foundation, Esxi | 6.5 |