cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37086,https://securityvulnerability.io/vulnerability/CVE-2024-37086,VMware ESXi Out-of-Bounds Read Vulnerability Could Lead to Denial of Service,"VMware ESXi contains an out-of-bounds read vulnerability. A
 malicious actor with local administrative privileges on a virtual 
machine with an existing snapshot may trigger an out-of-bounds read 
leading to a denial-of-service condition of the host.",VMware,"Esxi,Vmware Cloud Foundation",6.8,MEDIUM,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-06-25T14:16:08.233Z,0
CVE-2024-37085,https://securityvulnerability.io/vulnerability/CVE-2024-37085,VMware ESXi Authentication Bypass Vulnerability,"VMware ESXi is susceptible to a critical authentication bypass vulnerability that enables a malicious actor with appropriate Active Directory permissions to gain unauthorized access to the ESXi host. This situation arises when the 'ESXi Admins' AD group, used for user management, is deleted from Active Directory and subsequently recreated by the attacker. Restoring this group allows elevated access rights, compromising the integrity of the host and potentially exposing sensitive information and functionalities. Administrators are advised to review access control measures and implement best practices to mitigate the risk associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.2,HIGH,0.010470000095665455,true,2024-07-30T00:00:00.000Z,true,true,true,2024-06-26T07:00:26.000Z,false,true,true,2024-08-03T17:52:02.752Z,2024-06-25T14:16:01.280Z,65164
CVE-2024-22273,https://securityvulnerability.io/vulnerability/CVE-2024-22273,VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks,"The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation (esxi)",8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-21T17:29:05.426Z,0
CVE-2024-22255,https://securityvulnerability.io/vulnerability/CVE-2024-22255,Information disclosure vulnerability,"VMware ESXi, Workstation, and Fusion have a vulnerability within the UHCI USB controller that may lead to information disclosure. If an attacker gains administrative access to a virtual machine, they could potentially exploit this vulnerability to extract sensitive memory content from the vmx process, posing risks to data confidentiality and system integrity. Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-05T17:58:35.987Z,0
CVE-2024-22254,https://securityvulnerability.io/vulnerability/CVE-2024-22254,VMware ESXi Out-of-Bounds Write Vulnerability,"An out-of-bounds write vulnerability exists in VMware ESXi, specifically affecting the VMX process. This flaw allows a malicious actor with certain privileges to exploit the vulnerability, which may result in an escape from the sandbox environment. By manipulating memory effectively, an attacker could potentially execute arbitrary code outside the intended execution flow, compromising the integrity and security of the virtualized environment. Organizations using VMware ESXi should assess their systems and apply necessary patches to mitigate potential risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.9,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-05T17:58:24.341Z,0
CVE-2024-22253,https://securityvulnerability.io/vulnerability/CVE-2024-22253,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the UHCI USB controller. This flaw allows a malicious user with local administrative privileges on a virtual machine to exploit the vulnerability, potentially executing arbitrary code within the VMX process on the host system. On ESXi, this exploitation is limited to the VMX sandbox environment. In contrast, on Workstation and Fusion, successful exploitation could permit the execution of code directly on the host machine, posing a significant security risk to users.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-03-05T17:57:27.297Z,0
CVE-2024-22252,https://securityvulnerability.io/vulnerability/CVE-2024-22252,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the XHCI USB controller. This threat arises from the ability of a malicious actor who has local administrative privileges on a virtual machine to exploit this vulnerability, potentially leading to code execution as the virtual machine's VMX process on the host. While exploitation on ESXi remains within the VMX sandbox, vulnerabilities in Workstation and Fusion may enable code execution on the host machines. Administrators should prioritize patching to mitigate potential security risks.",VMWare,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-08-15T23:15:06.000Z,,true,false,,2024-03-05T17:57:22.043Z,3285
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,"Heap Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion have a vulnerability within the USB 2.0 controller (EHCI) that allows a malicious actor with local administrative privileges on a virtual machine to exploit this flaw. Successful exploitation could lead to the execution of arbitrary code within the virtual machine's VMX process on the host system. On ESXi, this exploitation is restricted to the VMX sandbox, while on Workstation and Fusion, it has the potential to execute code directly on the host machine. Maintaining the latest security patches is crucial for safeguarding against this vulnerability.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,,false,false,true,2023-01-09T04:27:15.000Z,true,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2022-31699,https://securityvulnerability.io/vulnerability/CVE-2022-31699,Heap Overflow Vulnerability in VMware ESXi,"VMware ESXi is susceptible to a heap overflow vulnerability, which may allow a malicious local actor with limited privileges operating within a sandboxed environment to exploit the flaw. This exploitation can lead to partial information disclosure, posing a risk to sensitive data integrity. Administrators should be aware of this vulnerability to implement necessary mitigations.",Vmware,"Vmware Esxi, Vmware Cloud Foundation",3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-31696,https://securityvulnerability.io/vulnerability/CVE-2022-31696,Memory Corruption Vulnerability in VMware ESXi,"VMware ESXi suffers from a memory corruption issue related to its handling of network sockets. This vulnerability can be exploited by malicious actors with local access to the ESXi environment, potentially allowing them to corrupt memory and escape the ESXi sandbox. Such an escape could lead to unauthorized access to sensitive information or systems, emphasizing the need for prompt attention to security measures and updates.",Vmware,"Vmware Esxi, Vmware Cloud Foundation",8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-31681,https://securityvulnerability.io/vulnerability/CVE-2022-31681,Null-Pointer Dereference Vulnerability in VMware ESXi,"VMware ESXi contains a null-pointer dereference vulnerability that can be exploited by a malicious actor with sufficient privileges in the VMX process. This flaw can lead to a denial of service condition on the host, disrupting the availability of services. Proper security measures should be implemented to mitigate the risks associated with this vulnerability. For further details, refer to VMware's official security advisory.",Vmware,Vmware Esxi,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2021-22050,https://securityvulnerability.io/vulnerability/CVE-2021-22050,Denial-of-Service Vulnerability in ESXi rhttpproxy by VMware,"The ESXi platform contains a vulnerability in the rhttpproxy service that can be exploited by a malicious actor. By sending a high volume of HTTP POST requests to the service, an attacker with network access can induce a denial-of-service condition. The excessive load causes the rhttpproxy service to become unresponsive, potentially disrupting the normal operations of affected systems. Administrators are advised to monitor their networks for unusual traffic patterns and apply available patches to mitigate this issue.",Vmware,Vmware Esxi And Vmware Cloud Foundation,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-16T16:37:56.000Z,0
CVE-2021-22043,https://securityvulnerability.io/vulnerability/CVE-2021-22043,TOCTOU Vulnerability in VMware ESXi Improper Handling of Temporary Files,"VMware ESXi is susceptible to a TOCTOU (Time-of-check Time-of-use) vulnerability that arises from insufficient safeguards in the handling of temporary files. This flaw can be exploited by attackers who have access to specific configurations, enabling them to write arbitrary files and thereby elevate their privileges within the system. This issue underscores the critical need for robust file handling mechanisms to mitigate potential exploitation risks.",Vmware,Vmware Esxi And Vmware Cloud Foundation,7.5,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-16T16:37:55.000Z,0
CVE-2021-22042,https://securityvulnerability.io/vulnerability/CVE-2021-22042,Unauthorized Access Vulnerability in VMware ESXi Affecting VMX Processes,"VMware ESXi has a vulnerability that allows unauthorized access to the settingsd service, driven by specific circumstances within the VMX process. This could potentially enable malicious actors who possess privileges within the VMX context to inadvertently access sensitive service configurations running under high privilege levels.",Vmware,Vmware Esxi And Vmware Cloud Foundation,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-02-16T16:37:54.000Z,0
CVE-2021-22041,https://securityvulnerability.io/vulnerability/CVE-2021-22041,"Double-Fetch Vulnerability in VMware ESXi, Workstation, and Fusion USB Controller","VMware ESXi, Workstation, and Fusion have a double-fetch vulnerability within the UHCI USB controller. This flaw allows an attacker with local administrative access on a virtual machine to exploit the issue, leading to unauthorized code execution in the VMX process on the host machine. Proper security guidance is essential to mitigate this risk.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-16T16:37:54.000Z,0
CVE-2021-22040,https://securityvulnerability.io/vulnerability/CVE-2021-22040,"Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion USB Controller","VMware ESXi, Workstation, and Fusion are impacted by a use-after-free vulnerability in the XHCI USB controller. This security flaw can be exploited by a malicious actor who possesses local administrative privileges on a virtual machine, enabling them to execute code in the context of the VMX process on the host. This could potentially lead to unauthorized control and manipulation of the affected systems.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-16T16:37:53.000Z,0
CVE-2021-22045,https://securityvulnerability.io/vulnerability/CVE-2021-22045,Heap Overflow Vulnerability in VMware ESXi and Workstation Products,"A heap overflow vulnerability exists in VMware ESXi, Workstation, and Fusion related to CD-ROM device emulation. Malicious actors with access to a vulnerable virtual machine could exploit this flaw, potentially leading to code execution on the hypervisor. Products affected include VMware ESXi versions 7.0, 6.7 (prior to ESXi670-202111101-SG), 6.5 (prior to ESXi650-202110101-SG), VMware Workstation 16.2.0, and VMware Fusion 12.2.0, emphasizing the need for prompt updates and security measures.",Vmware,"Vmware Esxi, Vmware Workstation And Vmware Fusion",7.8,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2022-01-04T21:39:03.000Z,0
CVE-2020-3960,https://securityvulnerability.io/vulnerability/CVE-2020-3960,"Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion are impacted by an out-of-bounds read vulnerability associated with the NVMe functionality. This issue allows a local malicious actor with non-administrative access to a virtual machine configured with a virtual NVMe controller to potentially exploit the flaw and access privileged information stored in physical memory. It is crucial for users to be aware of this vulnerability and apply necessary patches to safeguard their systems.",Vmware,"Vmware Esxi, Workstation, And Fusion",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-09-15T12:14:02.000Z,0
CVE-2021-21995,https://securityvulnerability.io/vulnerability/CVE-2021-21995,Denial-of-Service Vulnerability in OpenSLP of VMware ESXi,"A vulnerability exists in the OpenSLP service used in VMware ESXi that may allow a malicious actor with access to network port 427 to exploit a heap out-of-bounds read. This exploitation could lead to a denial-of-service condition, potentially disrupting the availability of the affected ESXi host.",Vmware,Vmware Esxi And Vmware Cloud Foundation,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-07-13T18:05:49.000Z,0
CVE-2021-21994,https://securityvulnerability.io/vulnerability/CVE-2021-21994,Authentication Bypass Vulnerability in Small Footprint CIM Broker for VMware ESXi,"The Small Footprint CIM Broker (SFCB) integrated within VMware ESXi is susceptible to an authentication bypass vulnerability. Attackers with network access to TCP port 5989 can exploit this flaw by sending crafted requests, enabling them to gain unauthorized access to sensitive resources. This security risk necessitates immediate attention to ensure the integrity and protection of the ESXi environment.",Vmware,Vmware Esxi And Vmware Cloud Foundation,9.8,CRITICAL,0.004920000210404396,false,,false,false,false,,,false,false,,2021-07-13T18:05:43.000Z,0
CVE-2021-21974,https://securityvulnerability.io/vulnerability/CVE-2021-21974,Heap Overflow Vulnerability in ESXi by VMware,"The OpenSLP service in VMware ESXi contains a heap overflow vulnerability that could allow an attacker within the same network segment to execute arbitrary code. By sending specially crafted packets to port 427, an unauthorized actor may exploit this flaw, potentially compromising the entire system. Users are advised to update their ESXi installations to mitigate this risk.",Vmware,"Vmware Esxi,Vmware Cloud Foundation",8.8,HIGH,0.9046099781990051,false,,false,false,true,2023-10-19T02:03:44.000Z,true,false,false,,2021-02-24T16:57:33.000Z,0
CVE-2020-3999,https://securityvulnerability.io/vulnerability/CVE-2020-3999,"Denial of Service Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, Fusion, and Cloud Foundation are susceptible to a denial of service vulnerability stemming from inadequate input validation in GuestInfo. This flaw enables a malicious user with standard privileges to compromise a virtual machine, resulting in the crashing of the vmx process. Consequently, this leads to a denial of service condition, impacting the availability of virtualized resources.",Vmware,"Vmware Esxi, Vmware Workstation,vmware Fusion And Vmware Cloud Foundation",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-12-21T15:14:08.000Z,0
CVE-2020-4004,https://securityvulnerability.io/vulnerability/CVE-2020-4004,"Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion","A use-after-free vulnerability exists in the XHCI USB controller of VMware products, allowing attackers with local administrative privileges on a virtual machine to execute arbitrary code in the context of the VMX process on the host. This could lead to unauthorized actions within the virtual machine environment, posing a significant security risk to affected VMware installations. Proper updates and patches are required to mitigate the risk associated with this vulnerability.",Vmware,"Vmware Esxi,Workstation,Fusion",8.2,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-11-20T19:06:28.000Z,0
CVE-2020-4005,https://securityvulnerability.io/vulnerability/CVE-2020-4005,Privilege Escalation Vulnerability in VMware ESXi by VMware,"VMware ESXi versions prior to the specified updates are susceptible to a privilege escalation vulnerability. This issue arises from the improper management of certain system calls within the VMX process. An attacker with limited access may exploit this vulnerability to gain higher privileges on the affected system. Successful exploitation typically requires the attacker to also take advantage of another vulnerability, thus forming a more significant security risk.",Vmware,Vmware Esxi,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-11-20T19:06:25.000Z,0
CVE-2020-3995,https://securityvulnerability.io/vulnerability/CVE-2020-3995,Memory Leak Vulnerability in VMware Hypervisors and Workstation,"VMware has identified a memory leak vulnerability within the VMCI host drivers used by its hypervisors, including ESXi and Workstation. This vulnerability allows a malicious actor with access to a virtual machine to induce a memory leak, which over time can lead to memory resource exhaustion on the hypervisor. If exploited, this issue could affect the performance and stability of the virtualization environment, causing a denial of service. It is essential for administrators to apply the latest patches to mitigate potential risks associated with this vulnerability.",Vmware,"Vmware Esxi, Workstation, Fusion",5.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2020-10-20T16:14:34.000Z,0