Lucene search
K

139 matches found

CVE
CVE
added 2019/12/06 3:54 p.m.1672 views

CVE-2019-5544

CVE-2019-5544 refers to a heap-based buffer overflow in OpenSLP used by VMware ESXi and Horizon DaaS, triggered by processing URLs in service requests to port 427. The root cause is improper bounds checking in the OpenSLP slpd service (ProcessSrvRqst), enabling remote code execution via a crafted...

9.8CVSS9.2AI score0.96823EPSS
In wild
CVE
CVE
added 2008/06/05 8:21 p.m.1449 views

CVE-2008-2100

CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...

7.2CVSS7.3AI score0.00598EPSS
CVE
CVE
added 2020/10/20 4:11 p.m.1325 views

CVE-2020-3992

CVE-2020-3992 describes a use-after-free in OpenSLP used by VMware ESXi. A malicious actor on the management network with access to UDP port 427 can trigger remote code execution. Affected VMware ESXi versions include 7.0 prior to ESXi_7.0.1-0.0.16850804, 6.7 prior to ESXi670-202010401-SG, and 6....

10CVSS9.5AI score0.83015EPSS
In wild
CVE
CVE
added 2018/01/04 1:0 p.m.1145 views

CVE-2017-5753

CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...

5.6CVSS6.1AI score0.93838EPSS
CVE
CVE
added 2021/02/24 4:57 p.m.803 views

CVE-2021-21974

CVE-2021-21974 is a heap-based overflow in VMware ESXi’s OpenSLP service that can enable remote code execution when an attacker on the same network segment can reach port 427. Affected releases include ESXi 7.x (before ESXi70U1c-17325551), ESXi 6.7 (before 202102401-SG), and ES6.5 (before 2021021...

8.8CVSS8.9AI score0.45063EPSS
In wildWeb
CVE
CVE
added 2025/03/04 11:56 a.m.795 views

CVE-2025-22226

CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...

7.1CVSS7.7AI score0.01676EPSS
In wild
CVE
CVE
added 2019/10/10 4:28 p.m.707 views

CVE-2019-5527

CVE-2019-5527 is a use-after-free in the virtual sound device affecting VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. The issue allows a local attacker with low privileges on a guest to potentially execute code on the host, with impact on confidentiality, integrity and availability d...

8.8CVSS8.6AI score0.00303EPSS
CVE
CVE
added 2010/12/06 8:0 p.m.637 views

CVE-2010-3904

CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...

7.8CVSS6.4AI score0.11217EPSS
In wild
CVE
CVE
added 2025/03/04 11:56 a.m.570 views

CVE-2025-22224

CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...

9.3CVSS9.3AI score0.01524EPSS
In wild
CVE
CVE
added 2022/06/15 7:59 p.m.461 views

CVE-2022-21123

CVE-2022-21123 stems from incomplete cleanup of multi-core shared buffers on some Intel processors, enabling potential information disclosure via local access by an authenticated user. The linked Astra Linux advisory and multiple Linux kernel advisories corroborate the issue and its local impact....

5.5CVSS6.3AI score0.06283EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.440 views

CVE-2023-29552

CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...

7.5CVSS7.4AI score0.65873EPSS
In wild
CVE
CVE
added 2013/12/04 3:0 p.m.432 views

CVE-2013-3519

CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...

7.9CVSS6.5AI score0.00506EPSS
CVE
CVE
added 2022/07/12 12:0 a.m.405 views

CVE-2022-29901

CVE-2022-29901 : Intel microprocessor generations 6–8 are affected by a Spectre variant that can bypass the kernel retpoline mitigation to leak arbitrary data. An unprivileged local attacker can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitec...

6.5CVSS7.1AI score0.04947EPSS
CVE
CVE
added 2022/06/15 8:1 p.m.404 views

CVE-2022-21125

Public documentation in the provided sources does not disclose detailed technical information (affected products, root cause, or fixes) for CVE-2022-21125 beyond the general description. Monitor for updates from vendors and advisories.

5.5CVSS6.3AI score0.06451EPSS
CVE
CVE
added 2017/11/20 3:0 p.m.401 views

CVE-2017-16544

CVE-2017-16544 affects BusyBox, specifically the add_match function in libbb/lineedit.c, where tab completion can execute an escape sequence in the terminal due to unsanitized filenames (vulnerable through 1.27.2). Multiple connected advisories confirm the issue and describe potential arbitrary c...

8.8CVSS8.4AI score0.0624EPSS
CVE
CVE
added 2022/07/14 7:27 p.m.391 views

CVE-2022-23825

CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...

6.5CVSS6.8AI score0.00772EPSS
CVE
CVE
added 2025/03/04 11:56 a.m.389 views

CVE-2025-22225

CVE-2025-22225 applies to VMware ESXi and involves an arbitrary write vulnerability where a malicious actor with privileges within the VMX process can trigger an arbitrary kernel write, leading to a sandbox escape. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector and HIGH impact on confide...

8.2CVSS8.8AI score0.00963EPSS
In wild
CVE
CVE
added 2022/06/15 8:3 p.m.385 views

CVE-2022-21166

CVE-2022-21166 is described in connected Astra Linux bulletin as an issue in incomplete cleanup in specific special register write operations for some Intel processors, potentially allowing an authenticated local user to disclose information. The description mirrors the vulnerability text in the ...

5.5CVSS6.3AI score0.05899EPSS
CVE
CVE
added 2024/06/25 2:16 p.m.342 views

CVE-2024-37085

CVE-2024-37085 affects VMware ESXi via an authentication bypass in domain-joined configurations. An actor with sufficient AD permissions can gain full admin access by re-creating a configured AD group (commonly named ESXi Admins or ESX Admins) after deletion. Multiple sources note exploitation ac...

7.2CVSS7.4AI score0.2677EPSS
In wild
CVE
CVE
added 2022/12/14 12:0 a.m.326 views

CVE-2022-31705

CVE-2022-31705 is a heap out-of-bounds write in the USB 2.0 EHCI controller affecting VMware ESXi, Workstation, and Fusion. A local administrator within a guest VM can exploit this to execute code in the VMX process on the host; on ESXi the exploit is contained within the VMX sandbox, while on Wo...

8.2CVSS8.4AI score0.01546EPSS
CVE
CVE
added 2022/01/04 9:39 p.m.324 views

CVE-2021-22045

The CVE-2021-22045 vulnerability is a heap overflow in CD-ROM device emulation affecting multiple VMware products: ESXi (versions 6.5, 6.7, 7.0), Workstation (16.x up to 16.2.0), and Fusion (12.x up to 12.2.0). The underlying issue is a heap overflow in the CD-ROM device emulation, which could en...

7.8CVSS7.6AI score0.04681EPSS
CVE
CVE
added 2019/09/20 6:0 p.m.318 views

CVE-2019-5521

CVE-2019-5521 is an out-of-bounds read vulnerability in VMware's pixel shader pipeline affecting ESXi, Workstation, and Fusion. Exploitation requires access to a VM with 3D graphics enabled and can lead to information disclosure or a host DoS; ESXi mitigations are not enabled by default, while Wo...

9.6CVSS8.7AI score0.01628EPSS
CVE
CVE
added 2020/12/21 3:14 p.m.284 views

CVE-2020-3999

CVE-2020-3999 affects VMware ESXi (7.0 with patch ESXi70U1c-17325551), VMware Workstation (16.x before 16.0 and 15.x before 15.5.7), VMware Fusion (12.x before 12.0 and 11.x before 11.5.7) and VMware Cloud Foundation. The vulnerability is a denial of service caused by improper input validation in...

6.5CVSS6.2AI score0.00349EPSS
CVE
CVE
added 2019/07/11 8:15 p.m.261 views

CVE-2019-5528

CVE-2019-5528 affects VMware ESXi 6.5 (and related) via a partial denial-of-service in the hostd process. The root cause is triggered by multiple failed login attempts over the network, which can make hostd unresponsive and potentially disconnect the host from vCenter. VMware publishes fixes: ESX...

5.3CVSS5.1AI score0.01701EPSS
CVE
CVE
added 2019/09/18 9:42 p.m.261 views

CVE-2019-5531

Summary (validated by connected documents): CVE-2019-5531 affects VMware vSphere ESXi (6.7, 6.5, 6.0 lines) and vCenter Server (6.7, 6.5, 6.0 lines) due to an information disclosure vulnerability caused by insufficient session expiration. An attacker with physical access or who can mimic a websoc...

5.8CVSS6.3AI score0.00967EPSS
CVE
CVE
added 2022/02/16 4:37 p.m.248 views

CVE-2021-22040

Vulnerability CVE-2021-22040 affects VMware ESXi, Workstation, and Fusion due to a use-after-free in the XHCI USB controller. The issue lets a malicious actor with local VM admin privileges execute code as the host VMX process running on the host. This is a host-level impact triggered from within...

6.7CVSS7.2AI score0.00725EPSS
CVE
CVE
added 2024/03/05 5:58 p.m.236 views

CVE-2024-22255

CVE-2024-22255 is an information disclosure vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with administrative access inside a guest VM can leak memory from the VMX process, potentially exposing sensitive data. The issue is documented wi...

7.1CVSS7.7AI score0.02311EPSS
CVE
CVE
added 2010/07/27 10:0 p.m.230 views

CVE-2010-0211

CVE-2010-0211 affects OpenLDAP 2.4.22 slapd: the function slap_modrdn2mods does not check the smr_normalize return value, allowing a remote attacker to trigger a denial of service (segmentation fault) and potentially execute code via a modrdn request containing invalid UTF-8, which leads to freei...

9.8CVSS8.8AI score0.29238EPSS
CVE
CVE
added 2022/02/16 4:37 p.m.225 views

CVE-2021-22041

CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...

6.7CVSS7.1AI score0.00574EPSS
CVE
CVE
added 2020/11/20 7:6 p.m.207 views

CVE-2020-4004

CVE-2020-4004 is a use-after-free in the XHCI USB controller affecting VMware ESXi (7.0 before ESXi70U1b-17168206; 6.7 before ESXi670-202011101-SG; 6.5 before ESXi650-202011301-SG), VMware Workstation (15.x before 15.5.7), and VMware Fusion (11.x before 11.5.7). The underlying issue allows a mali...

8.2CVSS7.8AI score0.00392EPSS
CVE
CVE
added 2022/02/16 4:37 p.m.206 views

CVE-2021-22050

CVE-2021-22050 is a slow HTTP POST denial-of-service vulnerability in ESXi's rhttpproxy. Exploitation requires network access to ESXi and can overwhelm the service to cause DoS. Connected sources (Red Hat CVE page) confirm the same description. VMware’s VMSA-2022-0004 is the remediation advisory ...

7.5CVSS7.5AI score0.02316EPSS
CVE
CVE
added 2009/11/02 3:0 p.m.198 views

CVE-2009-3733

CVE-2009-3733 describes a directory traversal vulnerability in VMware Server 1.x (before 1.0.10 build 203137) and 2.x (before 2.0.2 build 203138) on Linux, plus VMware ESXi 3.5 and VMware ESX 3.0.3/3.5. The issue allows remote attackers to read arbitrary files via unspecified vectors. Connected s...

5CVSS6.7AI score0.83378EPSS
CVE
CVE
added 2020/04/29 2:14 a.m.195 views

CVE-2020-3955

CVE-2020-3955 affects VMware ESXi 6.5 and 6.7 via a stored XSS in the ESXi Host Client when viewing virtual machine attributes. The underlying issue is improper neutralization of script-related HTML, allowing an authenticated attacker who can modify VM properties (e.g., hostname) to inject script...

9.3CVSS9.1AI score0.01309EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.190 views

CVE-2022-31696

CVE-2022-31696 is a memory‑corruption flaw in VMware ESXi related to how a network socket is handled. A local, authenticated attacker could exploit this to escape the ESXi sandbox. Affected: ESXi (versions referenced in connected docs). Impact: potential memory corruption with high severity. Miti...

8.8CVSS8.5AI score0.0034EPSS
CVE
CVE
added 2021/07/13 6:5 p.m.189 views

CVE-2021-21994

CVE-2021-21994 affects VMware ESXi via SFCB authentication bypass. A remote attacker with network access to port 5989 can bypass SFCB authentication by a crafted request. VMware's VMSA-2021-0014 provides patched versions: ESXi 7.0 (ESXi70U2-17630552), ESXi 6.7 (ESXi670-202103101-SG), and ESXi 6.5...

9.8CVSS9.5AI score0.01158EPSS
CVE
CVE
added 2009/08/27 5:0 p.m.186 views

CVE-2009-2698

CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...

7.8CVSS7.1AI score0.0718EPSS
In wild
CVE
CVE
added 2024/03/05 5:57 p.m.185 views

CVE-2024-22252

Summary of CVE-2024-22252 : VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges inside a VM can exploit this to execute code as the VMX process on the host; on ESXi the effect is contained w...

9.3CVSS9.5AI score0.03542EPSS
CVE
CVE
added 2022/02/16 4:37 p.m.183 views

CVE-2021-22043

CVE-2021-22043 affects VMware ESXi. It is a TOCTOU vulnerability in how temporary files are handled by the settingsd service, enabling a user with access to settingsd to escalate privileges by writing arbitrary files. The issue is discussed alongside related flaws (CVE-2021-22040/22041/22042/2205...

7.5CVSS7.7AI score0.01052EPSS
CVE
CVE
added 2018/10/16 8:0 p.m.172 views

CVE-2018-6974

CVE-2018-6974 describes an out-of-bounds read in the SVGA device affecting VMware ESXi (various older builds), VMware Workstation (14.x before 14.1.3), and VMware Fusion (10.x before 10.1.3). The issue could allow a guest to execute code on the host due to SVGA parsing/reading flaws. Affected pro...

8.8CVSS8.6AI score0.00475EPSS
CVE
CVE
added 2024/03/05 5:58 p.m.169 views

CVE-2024-22254

CVE-2024-22254 : VMware ESXi contains an out-of-bounds write vulnerability in the VMX sandbox process. A local, privileged attacker within a VMX context could trigger the write and escape the sandbox, potentially impacting the host. Public details confirm the issue affects ESXi (and related VMwar...

8.2CVSS8.6AI score0.00501EPSS
CVE
CVE
added 2017/09/15 1:0 p.m.166 views

CVE-2017-4924

CVE-2017-4924 is a VMware SVGA out-of-bounds write vulnerability that can allow a guest VM to execute code on the host. Affected products and versions (per provided docs): ESXi 6.5 prior to patch ESXi650-201707101-SG; VMware Workstation 12.x prior to 12.5.7; VMware Fusion 8.x prior to 8.5.8. The ...

8.8CVSS8.7AI score0.00608EPSS
CVE
CVE
added 2020/10/20 4:8 p.m.160 views

CVE-2020-3981

CVE-2020-3981 affects VMware products (ESXi, Workstation, Fusion) with an out-of-bounds read caused by a TOCTOU in the ACPI device. An attacker with VM-level admin access can leak memory from the vmx process. CVE-2020-3982 is a related out-of-bounds write in the same ACPI TOCTOU path, potentially...

5.8CVSS6.2AI score0.00792EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.158 views

CVE-2022-31699

CVE-2022-31699 is a heap-overflow in VMware ESXi. A local authenticated attacker within a sandbox may disclose partial information from memory. Affected: ESXi runtimes; root cause is a heap-based overflow. Remediation in documents points to applying VMware VMSA-2022-0030 fixes (updating ESXi to f...

3.3CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2020/11/20 7:6 p.m.154 views

CVE-2020-4005

CVE-2020-4005 affects VMware ESXi 7.0 (before ESXi70U1b-17168206), 6.7 (before ESXi670-202011101-SG), and 6.5 (before ESXi650-202011301-SG). The issue is a privilege-escalation flaw in how certain system calls are managed, allowing a malicious actor with privileges inside the VMX process to escal...

7.8CVSS7.7AI score0.00382EPSS
CVE
CVE
added 2018/12/04 2:0 p.m.152 views

CVE-2018-6981

CVE-2018-6981 describes an uninitialized stack memory issue in the vmxnet3 virtual network adapter that could allow a guest to execute code on the host. Affected VMware products include ESXi 6.7 (without ESXi670-201811401-BG), ESXi 6.5 (without ESXi650-201811301-BG), ESXi 6.0 (without ESXi600-201...

8.8CVSS8.7AI score0.01272EPSS
CVE
CVE
added 2013/02/11 10:0 p.m.149 views

CVE-2013-1406

CVE-2013-1406 affects VMware VMCI in vmci.sys across VMware Workstation (8.x before 8.0.5; 9.x before 9.0.1), VMware Fusion (4.1 before 4.1.4; 5.0 before 5.0.2), VMware View (4.x before 4.6.2; 5.x before 5.1.2), VMware ESXi/ESX (4.0–5.1). Root cause: improper restriction of memory allocation by V...

7.2CVSS6.3AI score0.00968EPSS
CVE
CVE
added 2019/04/01 8:39 p.m.144 views

CVE-2019-5519

CVE-2019-5519 describes a TOCTOU vulnerability in the virtual USB 1.1 UHCI on VMware products. A guest VM with a virtual USB controller can potentially execute code on the host. Affected: VMware ESXi (various 6.x versions), Workstation (14.x/15.x), and Fusion (10.x/11.x) before the patched builds...

7.2CVSS7.5AI score0.01004EPSS
CVE
CVE
added 2012/11/20 2:0 a.m.143 views

CVE-2012-5703

CVE-2012-5703 affects VMware ESXi 4.1 / ESX 4.1 via the vSphere API. The vulnerability arises from improper handling of certain SOAP requests in RetrieveProp and RetrievePropEx, allowing remote attackers to cause a denial-of-service (host daemon crash). Exploitation is described as remote and una...

5CVSS6.6AI score0.02374EPSS
CVE
CVE
added 2024/03/05 5:57 p.m.142 views

CVE-2024-22253

CVE-2024-22253 is a use-after-free in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with local VM admin privileges can exploit it to execute code as the VMX process on the host; on ESXi this is contained within the VMX sandbox, while Workstation/Fusion ...

9.3CVSS9.5AI score0.00645EPSS
CVE
CVE
added 2009/08/11 6:0 p.m.140 views

CVE-2009-2416

CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....

6.5CVSS6.7AI score0.01793EPSS
Total number of security vulnerabilities139