cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37086,https://securityvulnerability.io/vulnerability/CVE-2024-37086,VMware ESXi Out-of-Bounds Read Vulnerability Could Lead to Denial of Service,"VMware ESXi contains an out-of-bounds read vulnerability. A
 malicious actor with local administrative privileges on a virtual 
machine with an existing snapshot may trigger an out-of-bounds read 
leading to a denial-of-service condition of the host.",VMware,"Esxi,Vmware Cloud Foundation",6.8,MEDIUM,0.0004299999854993075,false,true,false,false,,false,false,2024-06-25T14:16:08.233Z,0
CVE-2024-37085,https://securityvulnerability.io/vulnerability/CVE-2024-37085,VMware ESXi Authentication Bypass Vulnerability,"VMware ESXi is susceptible to a critical authentication bypass vulnerability that enables a malicious actor with appropriate Active Directory permissions to gain unauthorized access to the ESXi host. This situation arises when the 'ESXi Admins' AD group, used for user management, is deleted from Active Directory and subsequently recreated by the attacker. Restoring this group allows elevated access rights, compromising the integrity of the host and potentially exposing sensitive information and functionalities. Administrators are advised to review access control measures and implement best practices to mitigate the risk associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.2,HIGH,0.010470000095665455,true,true,true,true,true,true,true,2024-06-25T14:16:01.280Z,65164
CVE-2024-22273,https://securityvulnerability.io/vulnerability/CVE-2024-22273,VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks,"The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation (esxi)",8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-21T17:29:05.426Z,0
CVE-2024-22255,https://securityvulnerability.io/vulnerability/CVE-2024-22255,Information disclosure vulnerability,"VMware ESXi, Workstation, and Fusion have a vulnerability within the UHCI USB controller that may lead to information disclosure. If an attacker gains administrative access to a virtual machine, they could potentially exploit this vulnerability to extract sensitive memory content from the vmx process, posing risks to data confidentiality and system integrity. Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-05T17:58:35.987Z,0
CVE-2024-22254,https://securityvulnerability.io/vulnerability/CVE-2024-22254,VMware ESXi Out-of-Bounds Write Vulnerability,"An out-of-bounds write vulnerability exists in VMware ESXi, specifically affecting the VMX process. This flaw allows a malicious actor with certain privileges to exploit the vulnerability, which may result in an escape from the sandbox environment. By manipulating memory effectively, an attacker could potentially execute arbitrary code outside the intended execution flow, compromising the integrity and security of the virtualized environment. Organizations using VMware ESXi should assess their systems and apply necessary patches to mitigate potential risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.9,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-05T17:58:24.341Z,0
CVE-2024-22253,https://securityvulnerability.io/vulnerability/CVE-2024-22253,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the UHCI USB controller. This flaw allows a malicious user with local administrative privileges on a virtual machine to exploit the vulnerability, potentially executing arbitrary code within the VMX process on the host system. On ESXi, this exploitation is limited to the VMX sandbox environment. In contrast, on Workstation and Fusion, successful exploitation could permit the execution of code directly on the host machine, posing a significant security risk to users.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,true,false,false,,false,false,2024-03-05T17:57:27.297Z,0
CVE-2024-22252,https://securityvulnerability.io/vulnerability/CVE-2024-22252,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the XHCI USB controller. This threat arises from the ability of a malicious actor who has local administrative privileges on a virtual machine to exploit this vulnerability, potentially leading to code execution as the virtual machine's VMX process on the host. While exploitation on ESXi remains within the VMX sandbox, vulnerabilities in Workstation and Fusion may enable code execution on the host machines. Administrators should prioritize patching to mitigate potential security risks.",VMWare,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-03-05T17:57:22.043Z,3285
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,,"VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,false,false,true,true,false,false,2022-12-14T00:00:00.000Z,0
CVE-2022-31696,https://securityvulnerability.io/vulnerability/CVE-2022-31696,,VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.,Vmware,"Vmware Esxi, Vmware Cloud Foundation",8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-31699,https://securityvulnerability.io/vulnerability/CVE-2022-31699,,VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.,Vmware,"Vmware Esxi, Vmware Cloud Foundation",3.3,LOW,0.0004400000034365803,false,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-31681,https://securityvulnerability.io/vulnerability/CVE-2022-31681,,"VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.",Vmware,Vmware Esxi,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-10-07T00:00:00.000Z,0
CVE-2021-22050,https://securityvulnerability.io/vulnerability/CVE-2021-22050,,ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.,Vmware,Vmware Esxi And Vmware Cloud Foundation,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2022-02-16T16:37:56.000Z,0
CVE-2021-22043,https://securityvulnerability.io/vulnerability/CVE-2021-22043,,"VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.",Vmware,Vmware Esxi And Vmware Cloud Foundation,7.5,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2022-02-16T16:37:55.000Z,0
CVE-2021-22041,https://securityvulnerability.io/vulnerability/CVE-2021-22041,,"VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-02-16T16:37:54.000Z,0
CVE-2021-22042,https://securityvulnerability.io/vulnerability/CVE-2021-22042,,"VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.",Vmware,Vmware Esxi And Vmware Cloud Foundation,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-02-16T16:37:54.000Z,0
CVE-2021-22040,https://securityvulnerability.io/vulnerability/CVE-2021-22040,,"VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-02-16T16:37:53.000Z,0
CVE-2021-22045,https://securityvulnerability.io/vulnerability/CVE-2021-22045,,"VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.",Vmware,"Vmware Esxi, Vmware Workstation And Vmware Fusion",7.8,HIGH,0.0008299999753944576,false,false,false,false,,false,false,2022-01-04T21:39:03.000Z,0
CVE-2020-3960,https://securityvulnerability.io/vulnerability/CVE-2020-3960,,"VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.",Vmware,"Vmware Esxi, Workstation, And Fusion",8.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-09-15T12:14:02.000Z,0
CVE-2021-21995,https://securityvulnerability.io/vulnerability/CVE-2021-21995,,OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.,Vmware,Vmware Esxi And Vmware Cloud Foundation,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-07-13T18:05:49.000Z,0
CVE-2021-21994,https://securityvulnerability.io/vulnerability/CVE-2021-21994,,SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.,Vmware,Vmware Esxi And Vmware Cloud Foundation,9.8,CRITICAL,0.004920000210404396,false,false,false,false,,false,false,2021-07-13T18:05:43.000Z,0
CVE-2021-21974,https://securityvulnerability.io/vulnerability/CVE-2021-21974,,"OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.",Vmware,"Vmware Esxi,Vmware Cloud Foundation",8.8,HIGH,0.9046099781990051,false,false,false,true,true,false,false,2021-02-24T16:57:33.000Z,0
CVE-2020-3999,https://securityvulnerability.io/vulnerability/CVE-2020-3999,,"VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.",Vmware,"Vmware Esxi, Vmware Workstation,vmware Fusion And Vmware Cloud Foundation",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2020-12-21T15:14:08.000Z,0
CVE-2020-4004,https://securityvulnerability.io/vulnerability/CVE-2020-4004,,"VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.",Vmware,"Vmware Esxi,Workstation,Fusion",8.2,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2020-11-20T19:06:28.000Z,0
CVE-2020-4005,https://securityvulnerability.io/vulnerability/CVE-2020-4005,,"VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)",Vmware,Vmware Esxi,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-11-20T19:06:25.000Z,0
CVE-2020-3995,https://securityvulnerability.io/vulnerability/CVE-2020-3995,,"In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.",Vmware,"Vmware Esxi, Workstation, Fusion",5.3,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2020-10-20T16:14:34.000Z,0