Vmware Esxi vulnerabilities

CVE-2022-31699 [LOW] CWE-787 CVE-2022-31699: VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileg VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

CVE-2022-31681 [MEDIUM] CWE-476 CVE-2022-31681: VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges withi VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

CVE-2022-23825 [MEDIUM] CWE-668 CVE-2022-23825: Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type poten Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVE-2022-29901 [MEDIUM] CWE-200 CVE-2022-29901: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVE-2022-21166 [MEDIUM] CWE-459 CVE-2022-21166: Incomplete cleanup in specific special register write operations for some Intel(R) Processors may al Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21125 [MEDIUM] CWE-459 CVE-2022-21125: Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authe Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21123 [MEDIUM] CWE-459 CVE-2022-21123: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authentica Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2021-22042 [HIGH] CWE-863 CVE-2021-22042: VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd auth VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

CVE-2021-22050 [HIGH] CWE-770 CVE-2021-22050: ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

CVE-2021-22043 [HIGH] CWE-367 CVE-2021-22043: VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way tempo VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.

CVE-2021-22040 [MEDIUM] CWE-416 CVE-2021-22040: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controll VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVE-2021-22041 [MEDIUM] CVE-2021-22041: VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVE-2021-22045 [HIGH] CWE-787 CVE-2021-22045: VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Works VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with o

CVE-2021-21994 [CRITICAL] CWE-287 CVE-2021-21994: SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A mali SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

CVE-2021-21995 [HIGH] CWE-125 CVE-2021-21995: OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

CVE-2021-21974 [HIGH] CWE-787 CVE-2021-21974: OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

CVE-2020-3999 [MEDIUM] CWE-20 CVE-2020-3999: VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual

CVE-2020-4005 [HIGH] CVE-2020-4005: VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-2020 VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of

CVE-2020-4004 [HIGH] CWE-416 CVE-2020-4004: VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-2020 VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code

CVE-2020-3992 [CRITICAL] CWE-416 CVE-2020-3992: OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code ex