139 matches found
CVE-2019-5544
CVE-2019-5544 refers to a heap-based buffer overflow in OpenSLP used by VMware ESXi and Horizon DaaS, triggered by processing URLs in service requests to port 427. The root cause is improper bounds checking in the OpenSLP slpd service (ProcessSrvRqst), enabling remote code execution via a crafted...
CVE-2008-2100
CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...
CVE-2020-3992
CVE-2020-3992 describes a use-after-free in OpenSLP used by VMware ESXi. A malicious actor on the management network with access to UDP port 427 can trigger remote code execution. Affected VMware ESXi versions include 7.0 prior to ESXi_7.0.1-0.0.16850804, 6.7 prior to ESXi670-202010401-SG, and 6....
CVE-2017-5753
CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...
CVE-2021-21974
CVE-2021-21974 is a heap-based overflow in VMware ESXi’s OpenSLP service that can enable remote code execution when an attacker on the same network segment can reach port 427. Affected releases include ESXi 7.x (before ESXi70U1c-17325551), ESXi 6.7 (before 202102401-SG), and ES6.5 (before 2021021...
CVE-2025-22226
CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...
CVE-2019-5527
CVE-2019-5527 is a use-after-free in the virtual sound device affecting VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. The issue allows a local attacker with low privileges on a guest to potentially execute code on the host, with impact on confidentiality, integrity and availability d...
CVE-2010-3904
CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...
CVE-2025-22224
CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...
CVE-2022-21123
CVE-2022-21123 stems from incomplete cleanup of multi-core shared buffers on some Intel processors, enabling potential information disclosure via local access by an authenticated user. The linked Astra Linux advisory and multiple Linux kernel advisories corroborate the issue and its local impact....
CVE-2023-29552
CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...
CVE-2013-3519
CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...
CVE-2022-29901
CVE-2022-29901 : Intel microprocessor generations 6–8 are affected by a Spectre variant that can bypass the kernel retpoline mitigation to leak arbitrary data. An unprivileged local attacker can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitec...
CVE-2022-21125
Public documentation in the provided sources does not disclose detailed technical information (affected products, root cause, or fixes) for CVE-2022-21125 beyond the general description. Monitor for updates from vendors and advisories.
CVE-2017-16544
CVE-2017-16544 affects BusyBox, specifically the add_match function in libbb/lineedit.c, where tab completion can execute an escape sequence in the terminal due to unsanitized filenames (vulnerable through 1.27.2). Multiple connected advisories confirm the issue and describe potential arbitrary c...
CVE-2022-23825
CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...
CVE-2025-22225
CVE-2025-22225 applies to VMware ESXi and involves an arbitrary write vulnerability where a malicious actor with privileges within the VMX process can trigger an arbitrary kernel write, leading to a sandbox escape. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector and HIGH impact on confide...
CVE-2022-21166
CVE-2022-21166 is described in connected Astra Linux bulletin as an issue in incomplete cleanup in specific special register write operations for some Intel processors, potentially allowing an authenticated local user to disclose information. The description mirrors the vulnerability text in the ...
CVE-2024-37085
CVE-2024-37085 affects VMware ESXi via an authentication bypass in domain-joined configurations. An actor with sufficient AD permissions can gain full admin access by re-creating a configured AD group (commonly named ESXi Admins or ESX Admins) after deletion. Multiple sources note exploitation ac...
CVE-2022-31705
CVE-2022-31705 is a heap out-of-bounds write in the USB 2.0 EHCI controller affecting VMware ESXi, Workstation, and Fusion. A local administrator within a guest VM can exploit this to execute code in the VMX process on the host; on ESXi the exploit is contained within the VMX sandbox, while on Wo...
CVE-2021-22045
The CVE-2021-22045 vulnerability is a heap overflow in CD-ROM device emulation affecting multiple VMware products: ESXi (versions 6.5, 6.7, 7.0), Workstation (16.x up to 16.2.0), and Fusion (12.x up to 12.2.0). The underlying issue is a heap overflow in the CD-ROM device emulation, which could en...
CVE-2019-5521
CVE-2019-5521 is an out-of-bounds read vulnerability in VMware's pixel shader pipeline affecting ESXi, Workstation, and Fusion. Exploitation requires access to a VM with 3D graphics enabled and can lead to information disclosure or a host DoS; ESXi mitigations are not enabled by default, while Wo...
CVE-2020-3999
CVE-2020-3999 affects VMware ESXi (7.0 with patch ESXi70U1c-17325551), VMware Workstation (16.x before 16.0 and 15.x before 15.5.7), VMware Fusion (12.x before 12.0 and 11.x before 11.5.7) and VMware Cloud Foundation. The vulnerability is a denial of service caused by improper input validation in...
CVE-2019-5528
CVE-2019-5528 affects VMware ESXi 6.5 (and related) via a partial denial-of-service in the hostd process. The root cause is triggered by multiple failed login attempts over the network, which can make hostd unresponsive and potentially disconnect the host from vCenter. VMware publishes fixes: ESX...
CVE-2019-5531
Summary (validated by connected documents): CVE-2019-5531 affects VMware vSphere ESXi (6.7, 6.5, 6.0 lines) and vCenter Server (6.7, 6.5, 6.0 lines) due to an information disclosure vulnerability caused by insufficient session expiration. An attacker with physical access or who can mimic a websoc...
CVE-2021-22040
Vulnerability CVE-2021-22040 affects VMware ESXi, Workstation, and Fusion due to a use-after-free in the XHCI USB controller. The issue lets a malicious actor with local VM admin privileges execute code as the host VMX process running on the host. This is a host-level impact triggered from within...
CVE-2024-22255
CVE-2024-22255 is an information disclosure vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with administrative access inside a guest VM can leak memory from the VMX process, potentially exposing sensitive data. The issue is documented wi...
CVE-2010-0211
CVE-2010-0211 affects OpenLDAP 2.4.22 slapd: the function slap_modrdn2mods does not check the smr_normalize return value, allowing a remote attacker to trigger a denial of service (segmentation fault) and potentially execute code via a modrdn request containing invalid UTF-8, which leads to freei...
CVE-2021-22041
CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...
CVE-2020-4004
CVE-2020-4004 is a use-after-free in the XHCI USB controller affecting VMware ESXi (7.0 before ESXi70U1b-17168206; 6.7 before ESXi670-202011101-SG; 6.5 before ESXi650-202011301-SG), VMware Workstation (15.x before 15.5.7), and VMware Fusion (11.x before 11.5.7). The underlying issue allows a mali...
CVE-2021-22050
CVE-2021-22050 is a slow HTTP POST denial-of-service vulnerability in ESXi's rhttpproxy. Exploitation requires network access to ESXi and can overwhelm the service to cause DoS. Connected sources (Red Hat CVE page) confirm the same description. VMware’s VMSA-2022-0004 is the remediation advisory ...
CVE-2009-3733
CVE-2009-3733 describes a directory traversal vulnerability in VMware Server 1.x (before 1.0.10 build 203137) and 2.x (before 2.0.2 build 203138) on Linux, plus VMware ESXi 3.5 and VMware ESX 3.0.3/3.5. The issue allows remote attackers to read arbitrary files via unspecified vectors. Connected s...
CVE-2020-3955
CVE-2020-3955 affects VMware ESXi 6.5 and 6.7 via a stored XSS in the ESXi Host Client when viewing virtual machine attributes. The underlying issue is improper neutralization of script-related HTML, allowing an authenticated attacker who can modify VM properties (e.g., hostname) to inject script...
CVE-2022-31696
CVE-2022-31696 is a memory‑corruption flaw in VMware ESXi related to how a network socket is handled. A local, authenticated attacker could exploit this to escape the ESXi sandbox. Affected: ESXi (versions referenced in connected docs). Impact: potential memory corruption with high severity. Miti...
CVE-2021-21994
CVE-2021-21994 affects VMware ESXi via SFCB authentication bypass. A remote attacker with network access to port 5989 can bypass SFCB authentication by a crafted request. VMware's VMSA-2021-0014 provides patched versions: ESXi 7.0 (ESXi70U2-17630552), ESXi 6.7 (ESXi670-202103101-SG), and ESXi 6.5...
CVE-2009-2698
CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...
CVE-2024-22252
Summary of CVE-2024-22252 : VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges inside a VM can exploit this to execute code as the VMX process on the host; on ESXi the effect is contained w...
CVE-2021-22043
CVE-2021-22043 affects VMware ESXi. It is a TOCTOU vulnerability in how temporary files are handled by the settingsd service, enabling a user with access to settingsd to escalate privileges by writing arbitrary files. The issue is discussed alongside related flaws (CVE-2021-22040/22041/22042/2205...
CVE-2018-6974
CVE-2018-6974 describes an out-of-bounds read in the SVGA device affecting VMware ESXi (various older builds), VMware Workstation (14.x before 14.1.3), and VMware Fusion (10.x before 10.1.3). The issue could allow a guest to execute code on the host due to SVGA parsing/reading flaws. Affected pro...
CVE-2024-22254
CVE-2024-22254 : VMware ESXi contains an out-of-bounds write vulnerability in the VMX sandbox process. A local, privileged attacker within a VMX context could trigger the write and escape the sandbox, potentially impacting the host. Public details confirm the issue affects ESXi (and related VMwar...
CVE-2017-4924
CVE-2017-4924 is a VMware SVGA out-of-bounds write vulnerability that can allow a guest VM to execute code on the host. Affected products and versions (per provided docs): ESXi 6.5 prior to patch ESXi650-201707101-SG; VMware Workstation 12.x prior to 12.5.7; VMware Fusion 8.x prior to 8.5.8. The ...
CVE-2020-3981
CVE-2020-3981 affects VMware products (ESXi, Workstation, Fusion) with an out-of-bounds read caused by a TOCTOU in the ACPI device. An attacker with VM-level admin access can leak memory from the vmx process. CVE-2020-3982 is a related out-of-bounds write in the same ACPI TOCTOU path, potentially...
CVE-2022-31699
CVE-2022-31699 is a heap-overflow in VMware ESXi. A local authenticated attacker within a sandbox may disclose partial information from memory. Affected: ESXi runtimes; root cause is a heap-based overflow. Remediation in documents points to applying VMware VMSA-2022-0030 fixes (updating ESXi to f...
CVE-2020-4005
CVE-2020-4005 affects VMware ESXi 7.0 (before ESXi70U1b-17168206), 6.7 (before ESXi670-202011101-SG), and 6.5 (before ESXi650-202011301-SG). The issue is a privilege-escalation flaw in how certain system calls are managed, allowing a malicious actor with privileges inside the VMX process to escal...
CVE-2018-6981
CVE-2018-6981 describes an uninitialized stack memory issue in the vmxnet3 virtual network adapter that could allow a guest to execute code on the host. Affected VMware products include ESXi 6.7 (without ESXi670-201811401-BG), ESXi 6.5 (without ESXi650-201811301-BG), ESXi 6.0 (without ESXi600-201...
CVE-2013-1406
CVE-2013-1406 affects VMware VMCI in vmci.sys across VMware Workstation (8.x before 8.0.5; 9.x before 9.0.1), VMware Fusion (4.1 before 4.1.4; 5.0 before 5.0.2), VMware View (4.x before 4.6.2; 5.x before 5.1.2), VMware ESXi/ESX (4.0–5.1). Root cause: improper restriction of memory allocation by V...
CVE-2019-5519
CVE-2019-5519 describes a TOCTOU vulnerability in the virtual USB 1.1 UHCI on VMware products. A guest VM with a virtual USB controller can potentially execute code on the host. Affected: VMware ESXi (various 6.x versions), Workstation (14.x/15.x), and Fusion (10.x/11.x) before the patched builds...
CVE-2012-5703
CVE-2012-5703 affects VMware ESXi 4.1 / ESX 4.1 via the vSphere API. The vulnerability arises from improper handling of certain SOAP requests in RetrieveProp and RetrievePropEx, allowing remote attackers to cause a denial-of-service (host daemon crash). Exploitation is described as remote and una...
CVE-2024-22253
CVE-2024-22253 is a use-after-free in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with local VM admin privileges can exploit it to execute code as the VMX process on the host; on ESXi this is contained within the VMX sandbox, while Workstation/Fusion ...
CVE-2009-2416
CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....