Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esxi vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-4940
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javasc...
Vmware Esxi 5.5
Vmware Esxi 6.0
Vmware Esxi 6.5
6.5
CVSSv3
CVE-2018-6972
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x prior to 14.1.2), and Fusion (10.x prior to 10.1.2) contain a denial-of-service vulnerability due to NULL pointer...
Vmware Workstation
Vmware Fusion
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 5.5
NA
CVE-2013-1661
VMware ESXi 4.0 up to and including 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle malicious users to cause a denial of service (unhandled exception and application crash) by modifying the client-server d...
Vmware Esx 4.1
Vmware Esxi 4.0
Vmware Esxi 5.0
Vmware Esx 4.0
Vmware Esxi 4.1
Vmware Esxi 5.1
NA
CVE-2013-5973
VMware ESXi 4.0 up to and including 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp ...
Vmware Esx 4.0
Vmware Esx 4.1
Vmware Esxi 4.0
Vmware Esxi 5.0
Vmware Esxi 4.1
Vmware Esxi 5.1
NA
CVE-2014-1207
VMware ESXi 4.0 up to and including 5.1 and ESX 4.0 and 4.1 allow remote malicious users to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.
Vmware Esxi 5.1
Vmware Esxi 4.0
Vmware Esxi 4.1
Vmware Esxi 5.0
Vmware Esx 4.0
Vmware Esx 4.1
7.5
CVSSv3
CVE-2021-21995
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
8.8
CVSSv3
CVE-2021-21974
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the he...
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0.0
5 Github repositories
4 Articles
9.8
CVSSv3
CVE-2021-21994
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
7.5
CVSSv3
CVE-2021-22050
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
7.8
CVSSv3
CVE-2020-4005
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only...
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »