vmware esxi 7.0 vulnerabilities and exploits

(subscribe to this query)

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Vmware Cloud Foundation Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Vmware Cloud Foundation Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only...

Vmware Cloud Foundation Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

1 Article

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

Vmware Cloud Foundation Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process run...

Vmware Workstation Vmware Esxi 7.0 Vmware Esxi 8.0 Vmware Fusion

1 Github repository1 Article

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Vmware Cloud Foundation Vmware Vcenter Server 6.5 Vmware Vcenter Server 6.7 Vmware Vcenter Server 7.0 Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsph...

Vmware Cloud Foundation Vmware Esxi 7.0 Vmware Esxi 8.0

3 Github repositories6 Articles

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x prior to 15.5.7), Fusion (11.x prior to 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local adminis...

Vmware Fusion Vmware Cloud Foundation Vmware Workstation Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

1 Article

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device ...

Vmware Cloud Foundation Vmware Workstation Vmware Fusion Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Vmware Cloud Foundation Vmware Fusion Vmware Fusion -Vmware Workstation Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Esxi 7.0

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook