Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Esxi Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2009-3733

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

6.7AI Score

0.955EPSS

2009-11-02 03:30 PM
155
cve
cve

CVE-2010-3609

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next ex...

7.2AI Score

0.371EPSS

2011-03-11 05:55 PM
41
cve
cve

CVE-2011-1786

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login at...

6.3AI Score

0.055EPSS

2011-05-03 10:55 PM
27
cve
cve

CVE-2011-1789

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoo...

6.6AI Score

0.002EPSS

2011-05-09 10:55 PM
28
cve
cve

CVE-2012-5703

The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.

6.6AI Score

0.048EPSS

2012-11-20 05:52 AM
106
cve
cve

CVE-2014-3793

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereferenc...

6.6AI Score

0.002EPSS

2014-05-31 11:17 AM
33
cve
cve

CVE-2016-7463

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.

5.4CVSS

5AI Score

0.001EPSS

2016-12-29 09:59 AM
36
cve
cve

CVE-2017-4905

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x pri...

5.5CVSS

6.5AI Score

0.001EPSS

2017-06-07 06:29 PM
91
cve
cve

CVE-2017-4925

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC reque...

5.5CVSS

6AI Score

0.001EPSS

2017-09-15 01:29 PM
52
cve
cve

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS

6.1AI Score

0.976EPSS

2018-01-04 01:29 PM
891
9
cve
cve

CVE-2019-5520

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have ac...

5.9CVSS

5.8AI Score

0.018EPSS

2019-04-15 06:29 PM
76
cve
cve

CVE-2019-5528

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.

5.3CVSS

5.1AI Score

0.001EPSS

2019-07-11 09:15 PM
226
cve
cve

CVE-2019-5531

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from ...

5.4CVSS

6.3AI Score

0.001EPSS

2019-09-18 10:15 PM
211
cve
cve

CVE-2020-3958

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non...

5.5CVSS

5.4AI Score

0.0004EPSS

2020-05-29 08:15 PM
78
cve
cve

CVE-2020-3963

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may b...

5.5CVSS

5.9AI Score

0.001EPSS

2020-06-25 03:15 PM
85
cve
cve

CVE-2020-3965

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine ...

5.5CVSS

6AI Score

0.001EPSS

2020-06-25 03:15 PM
83
cve
cve

CVE-2020-3971

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 ...

5.5CVSS

6.1AI Score

0.0004EPSS

2020-06-25 03:15 PM
69
cve
cve

CVE-2020-3976

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

5.3CVSS

5.1AI Score

0.001EPSS

2020-08-21 01:15 PM
92
cve
cve

CVE-2020-3981

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrat...

5.8CVSS

6.2AI Score

0.002EPSS

2020-10-20 05:15 PM
105
cve
cve

CVE-2020-3995

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to t...

5.3CVSS

6AI Score

0.001EPSS

2020-10-20 05:15 PM
61
cve
cve

CVE-2022-21123

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5CVSS

6.3AI Score

0.0005EPSS

2022-06-15 08:15 PM
249
13
cve
cve

CVE-2022-21125

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5CVSS

6.3AI Score

0.001EPSS

2022-06-15 08:15 PM
255
14
cve
cve

CVE-2022-21166

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5CVSS

6.3AI Score

0.0005EPSS

2022-06-15 09:15 PM
246
12