VMware ESXi vulnerabilities
146 known vulnerabilities affecting vmware/esxi.
Total CVEs: 146
CISA KEV: 8 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 19, HIGH 59, MEDIUM 62, LOW 6
Vulnerabilities
Page 6 of 8
CVE-2013-3658 | CRITICAL | CVSS 9.4 | CWE-22 | v4.0, v4.1, +1 more | 2013-09-10
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
nvd
CVE-2013-3657 | HIGH | CVSS 7.5 | CWE-119 | v4.0, v4.1, +1 more | 2013-09-10
Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
nvd
CVE-2013-1661 | MEDIUM | CVSS 4.3 | CWE-20 | v4.0, v4.1, +2 more | 2013-09-04
VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.
nvd
CVE-2013-1659 | HIGH | CVSS 7.6 | v3.5, v4.0, +3 more | 2013-02-22
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data
nvd
CVE-2013-1405 | CRITICAL | CVSS 10.0 | CWE-287 | v3.5, v4.0, +1 more | 2013-02-15
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute a
nvd
CVE-2013-1406 | HIGH | CVSS 7.2 | PoC | CWE-20 | v4.0, v4.1, +2 more | 2013-02-11
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory al
nvd
CVE-2012-5703 | MEDIUM | CVSS 5.0 | CWE-20 | v4.1 | 2012-11-20
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.
nvd
CVE-2012-3288 | CRITICAL | CVSS 9.3 | CWE-20 | v3.5, v4.0, +2 more | 2012-06-14
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a c
nvd
CVE-2012-3289 | HIGH | CVSS 7.8 | CWE-94 | v3.5, v4.0, +2 more | 2012-06-14
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.
nvd
CVE-2012-1516 | CRITICAL | CVSS 9.9 | CWE-119 | v3.5, v4.0, +1 more | 2012-05-04
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
nvd
CVE-2012-2449 | CRITICAL | CVSS 9.0 | CWE-119 | v3.5, v4.0, +2 more | 2012-05-04
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbit
nvd
CVE-2012-1517 | CRITICAL | CVSS 9.0 | CWE-119 | v4.1 | 2012-05-04
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.
nvd
CVE-2012-2450 | CRITICAL | CVSS 9.0 | v3.5, v4.0, +2 more | 2012-05-04
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by l
nvd
CVE-2012-2448 | HIGH | CVSS 7.5 | CWE-119 | v3.5, v4.0, +2 more | 2012-05-04
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.
nvd
CVE-2012-1518 | HIGH | CVSS 8.3 | CWE-264 | v3.5, v4.0, +2 more | 2012-04-17
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.
nvd
CVE-2012-1515 | HIGH | CVSS 8.3 | CWE-264 | v3.5, v4.0, +1 more | 2012-04-02
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
nvd
CVE-2012-1508 | HIGH | CVSS 7.2 | CWE-264 | v4.0, v4.1, +1 more | 2012-03-16
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd
CVE-2012-1510 | HIGH | CVSS 7.2 | CWE-119 | v4.0, v4.1, +1 more | 2012-03-16
Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
nvd
CVE-2011-1787 | MEDIUM | CVSS 6.9 | CWE-362 | v3.5, v4.0, +1 more | 2011-06-06
Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary d
nvd
CVE-2011-2145 | MEDIUM | CVSS 6.3 | CWE-264 | v3.5, v4.0, +1 more | 2011-06-06
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vector
nvd