Vmware Esxi vulnerabilities

146 known vulnerabilities affecting vmware/esxi.

Total CVEs

146

CISA KEV

8

actively exploited

Public exploits

13

Exploited in wild

6

Severity breakdown

CRITICAL19HIGH59MEDIUM62LOW6

Vulnerabilities

Page 8 of 8

CVE-2008-4917HIGHCVSS 7.2v3.52008-12-09

CVE-2008-4917 [HIGH] CWE-399 CVE-2008-4917: Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x version Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that trigg

CVE-2008-4281CRITICALCVSS 9.3≤ 3.52008-11-10

CVE-2008-4281 [CRITICAL] CWE-22 CVE-2008-4281: Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 befor Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.

CVE-2008-4915MEDIUMCVSS 6.9v3.52008-11-10

CVE-2008-4915 [MEDIUM] CWE-264 CVE-2008-4915: The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0 The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the

CVE-2008-2097CRITICALCVSS 9.0v3.52008-06-05

CVE-2008-2097 [CRITICAL] CWE-119 CVE-2008-2097: Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote aut Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."

CVE-2008-2100HIGHCVSS 7.2v3.52008-06-05

CVE-2008-2100 [HIGH] CWE-119 CVE-2008-2100: Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6. Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CVE-2008-0967MEDIUMCVSS 6.9v3.52008-06-05

CVE-2008-0967 [MEDIUM] CVE-2008-0967: Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 917 Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges vi

← Previous8 / 8