Esxi - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Esxi
(Vmware)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	138

Date	Id	Summary	Products	Score	Patch	Annotated
2022-01-04	CVE-2021-22045	VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.	Cloud_foundation, Esxi, Fusion, Workstation	7.8
2022-02-16	CVE-2021-22040	VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.	Cloud_foundation, Esxi, Fusion, Workstation_player, Workstation_pro	6.7
2022-02-16	CVE-2021-22041	VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.	Cloud_foundation, Esxi, Fusion, Workstation	6.7
2022-02-16	CVE-2021-22042	VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.	Cloud_foundation, Esxi	7.8
2022-02-16	CVE-2021-22043	VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.	Esxi, Fusion	7.5
2022-02-16	CVE-2021-22050	ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.	Cloud_foundation, Esxi	7.5
2022-07-12	CVE-2022-29901	Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.	Debian_linux, Fedora, Core_i3\-6100_firmware, Core_i3\-6100e_firmware, Core_i3\-6100h_firmware, Core_i3\-6100t_firmware, Core_i3\-6100te_firmware, Core_i3\-6100u_firmware, Core_i3\-6102e_firmware, Core_i3\-6110u_firmware, Core_i3\-6120_firmware, Core_i3\-6120t_firmware, Core_i3\-6167u_firmware, Core_i3\-6300_firmware, Core_i3\-6300t_firmware, Core_i3\-6320_firmware, Core_i3\-6320t_firmware, Core_i3\-8000_firmware, Core_i3\-8000t_firmware, Core_i3\-8020_firmware, Core_i3\-8100_firmware, Core_i3\-8100h_firmware, Core_i3\-8100t_firmware, Core_i3\-8109u_firmware, Core_i3\-8120_firmware, Core_i3\-8130u_firmware, Core_i3\-8145u_firmware, Core_i3\-8300_firmware, Core_i3\-8300t_firmware, Core_i3\-8350k_firmware, Core_i5\-6200u_firmware, Core_i5\-6210u_firmware, Core_i5\-6260u_firmware, Core_i5\-6267u_firmware, Core_i5\-6287u_firmware, Core_i5\-6300hq_firmware, Core_i5\-6300u_firmware, Core_i5\-6310u_firmware, Core_i5\-6350hq_firmware, Core_i5\-6360u_firmware, Core_i5\-6400_firmware, Core_i5\-6400t_firmware, Core_i5\-6440eq_firmware, Core_i5\-6440hq_firmware, Core_i5\-6442eq_firmware, Core_i5\-6500_firmware, Core_i5\-6500t_firmware, Core_i5\-6500te_firmware, Core_i5\-6600_firmware, Core_i5\-6600k_firmware, Core_i5\-6600t_firmware, Core_i5\-8200y_firmware, Core_i5\-8210y_firmware, Core_i5\-8250u_firmware, Core_i5\-8259u_firmware, Core_i5\-8265u_firmware, Core_i5\-8269u_firmware, Core_i5\-8300h_firmware, Core_i5\-8305g_firmware, Core_i5\-8310y_firmware, Core_i5\-8350u_firmware, Core_i5\-8365u_firmware, Core_i5\-8400_firmware, Core_i5\-8400b_firmware, Core_i5\-8400h_firmware, Core_i5\-8400t_firmware, Core_i5\-8420_firmware, Core_i5\-8420t_firmware, Core_i5\-8500_firmware, Core_i5\-8500b_firmware, Core_i5\-8500t_firmware, Core_i5\-8550_firmware, Core_i5\-8550u_firmware, Core_i5\-8600_firmware, Core_i5\-8600k_firmware, Core_i5\-8600t_firmware, Core_i5\-8650_firmware, Core_i5\-8650k_firmware, Core_i7\-6500u_firmware, Core_i7\-6510u_firmware, Core_i7\-6560u_firmware, Core_i7\-6567u_firmware, Core_i7\-6600u_firmware, Core_i7\-6650u_firmware, Core_i7\-6660u_firmware, Core_i7\-6700_firmware, Core_i7\-6700hq_firmware, Core_i7\-6700k_firmware, Core_i7\-6700t_firmware, Core_i7\-6700te_firmware, Core_i7\-6770hq_firmware, Core_i7\-6820eq_firmware, Core_i7\-6820hk_firmware, Core_i7\-6820hq_firmware, Core_i7\-6822eq_firmware, Core_i7\-6870hq_firmware, Core_i7\-6920hq_firmware, Core_i7\-6970hq_firmware, Core_i7\-8500y_firmware, Core_i7\-8510y_firmware, Core_i7\-8550u_firmware, Core_i7\-8557u_firmware, Core_i7\-8559u_firmware, Core_i7\-8560u_firmware, Core_i7\-8565u_firmware, Core_i7\-8569u_firmware, Core_i7\-8650u_firmware, Core_i7\-8665u_firmware, Core_i7\-8670_firmware, Core_i7\-8670t_firmware, Core_i7\-8700_firmware, Core_i7\-8700b_firmware, Core_i7\-8700k_firmware, Core_i7\-8700t_firmware, Core_i7\-8705g_firmware, Core_i7\-8706g_firmware, Core_i7\-8709g_firmware, Core_i7\-8750h_firmware, Core_i7\-8750hf_firmware, Core_i7\-8809g_firmware, Core_i7\-8850h_firmware, Core_i9\-8950hk_firmware, Core_m3\-6y30_firmware, Core_m3\-8100y_firmware, Core_m5\-6y54_firmware, Core_m5\-6y57_firmware, Core_m7\-6y75_firmware, Esxi, Xen	6.5
2022-07-14	CVE-2022-23825	Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.	A10\-9600p_firmware, A10\-9630p_firmware, A12\-9700p_firmware, A12\-9730p_firmware, A4\-9120_firmware, A6\-9210_firmware, A6\-9220_firmware, A6\-9220c_firmware, A9\-9410_firmware, A9\-9420_firmware, Athlon_gold_3150u_firmware, Athlon_silver_3050u_firmware, Athlon_x4_750_firmware, Athlon_x4_760k_firmware, Athlon_x4_830_firmware, Athlon_x4_835_firmware, Athlon_x4_840_firmware, Athlon_x4_845_firmware, Athlon_x4_860k_firmware, Athlon_x4_870k_firmware, Athlon_x4_880k_firmware, Athlon_x4_940_firmware, Athlon_x4_950_firmware, Athlon_x4_970_firmware, Epyc_7001_firmware, Epyc_7002_firmware, Epyc_7251_firmware, Epyc_7252_firmware, Epyc_7261_firmware, Epyc_7262_firmware, Epyc_7272_firmware, Epyc_7281_firmware, Epyc_7282_firmware, Epyc_7301_firmware, Epyc_7302_firmware, Epyc_7302p_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7352_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7402_firmware, Epyc_7402p_firmware, Epyc_7451_firmware, Epyc_7452_firmware, Epyc_7501_firmware, Epyc_7502_firmware, Epyc_7502p_firmware, Epyc_7532_firmware, Epyc_7542_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7552_firmware, Epyc_7601_firmware, Epyc_7642_firmware, Epyc_7662_firmware, Epyc_7702_firmware, Epyc_7742_firmware, Epyc_7f32_firmware, Epyc_7f52_firmware, Epyc_7f72_firmware, Epyc_7h12_firmware, Ryzen_3_2200u_firmware, Ryzen_3_2300u_firmware, Ryzen_3_3100_firmware, Ryzen_3_3200u_firmware, Ryzen_3_3250u_firmware, Ryzen_3_3300g_firmware, Ryzen_3_3300u_firmware, Ryzen_3_3300x_firmware, Ryzen_3_4300g_firmware, Ryzen_3_4300ge_firmware, Ryzen_3_4300u_firmware, Ryzen_5_2500u_firmware, Ryzen_5_2600_firmware, Ryzen_5_2600h_firmware, Ryzen_5_2600x_firmware, Ryzen_5_2700_firmware, Ryzen_5_2700x_firmware, Ryzen_5_3400g_firmware, Ryzen_5_3450g_firmware, Ryzen_5_3500u_firmware, Ryzen_5_3550h_firmware, Ryzen_5_3600_firmware, Ryzen_5_3600x_firmware, Ryzen_5_3600xt_firmware, Ryzen_5_4500u_firmware, Ryzen_5_4600g_firmware, Ryzen_5_4600ge_firmware, Ryzen_5_4600h_firmware, Ryzen_5_4600u_firmware, Ryzen_7_2700_firmware, Ryzen_7_2700u_firmware, Ryzen_7_2700x_firmware, Ryzen_7_2800h_firmware, Ryzen_7_3700u_firmware, Ryzen_7_3700x_firmware, Ryzen_7_3750h_firmware, Ryzen_7_3800x_firmware, Ryzen_7_3800xt_firmware, Ryzen_7_4700g_firmware, Ryzen_7_4700ge_firmware, Ryzen_7_4700u_firmware, Ryzen_7_4800h_firmware, Ryzen_7_4800u_firmware, Ryzen_9_4900h_firmware, Ryzen_threadripper_2920x_firmware, Ryzen_threadripper_2950x_firmware, Ryzen_threadripper_2970wx_firmware, Ryzen_threadripper_2990wx_firmware, Ryzen_threadripper_3960x_firmware, Ryzen_threadripper_3970x_firmware, Ryzen_threadripper_3990x_firmware, Ryzen_threadripper_pro_3795wx_firmware, Ryzen_threadripper_pro_3945wx_firmware, Ryzen_threadripper_pro_3955wx_firmware, Ryzen_threadripper_pro_3995wx_firmware, Ryzen_threadripper_pro_5945wx_firmware, Ryzen_threadripper_pro_5955wx_firmware, Ryzen_threadripper_pro_5965wx_firmware, Ryzen_threadripper_pro_5975wx_firmware, Ryzen_threadripper_pro_5995wx_firmware, Debian_linux, Fedora, Esxi	6.5
2022-10-07	CVE-2022-31681	VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.	Cloud_foundation, Esxi	6.5
2022-12-13	CVE-2022-31696	VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.	Cloud_foundation, Esxi	8.8