cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22273,https://securityvulnerability.io/vulnerability/CVE-2024-22273,VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks,"The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation (esxi)",8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-21T17:29:05.426Z,0
CVE-2024-22255,https://securityvulnerability.io/vulnerability/CVE-2024-22255,Information disclosure vulnerability,"VMware ESXi, Workstation, and Fusion have a vulnerability within the UHCI USB controller that may lead to information disclosure. If an attacker gains administrative access to a virtual machine, they could potentially exploit this vulnerability to extract sensitive memory content from the vmx process, posing risks to data confidentiality and system integrity. Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-05T17:58:35.987Z,0
CVE-2024-22253,https://securityvulnerability.io/vulnerability/CVE-2024-22253,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the UHCI USB controller. This flaw allows a malicious user with local administrative privileges on a virtual machine to exploit the vulnerability, potentially executing arbitrary code within the VMX process on the host system. On ESXi, this exploitation is limited to the VMX sandbox environment. In contrast, on Workstation and Fusion, successful exploitation could permit the execution of code directly on the host machine, posing a significant security risk to users.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-03-05T17:57:27.297Z,0
CVE-2024-22252,https://securityvulnerability.io/vulnerability/CVE-2024-22252,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the XHCI USB controller. This threat arises from the ability of a malicious actor who has local administrative privileges on a virtual machine to exploit this vulnerability, potentially leading to code execution as the virtual machine's VMX process on the host. While exploitation on ESXi remains within the VMX sandbox, vulnerabilities in Workstation and Fusion may enable code execution on the host machines. Administrators should prioritize patching to mitigate potential security risks.",VMWare,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-08-15T23:15:06.000Z,,true,false,,2024-03-05T17:57:22.043Z,3285
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,"Heap Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion have a vulnerability within the USB 2.0 controller (EHCI) that allows a malicious actor with local administrative privileges on a virtual machine to exploit this flaw. Successful exploitation could lead to the execution of arbitrary code within the virtual machine's VMX process on the host system. On ESXi, this exploitation is restricted to the VMX sandbox, while on Workstation and Fusion, it has the potential to execute code directly on the host machine. Maintaining the latest security patches is crucial for safeguarding against this vulnerability.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,,false,false,true,2023-01-09T04:27:15.000Z,true,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2021-22041,https://securityvulnerability.io/vulnerability/CVE-2021-22041,"Double-Fetch Vulnerability in VMware ESXi, Workstation, and Fusion USB Controller","VMware ESXi, Workstation, and Fusion have a double-fetch vulnerability within the UHCI USB controller. This flaw allows an attacker with local administrative access on a virtual machine to exploit the issue, leading to unauthorized code execution in the VMX process on the host machine. Proper security guidance is essential to mitigate this risk.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-16T16:37:54.000Z,0
CVE-2021-22040,https://securityvulnerability.io/vulnerability/CVE-2021-22040,"Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion USB Controller","VMware ESXi, Workstation, and Fusion are impacted by a use-after-free vulnerability in the XHCI USB controller. This security flaw can be exploited by a malicious actor who possesses local administrative privileges on a virtual machine, enabling them to execute code in the context of the VMX process on the host. This could potentially lead to unauthorized control and manipulation of the affected systems.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-16T16:37:53.000Z,0
CVE-2020-3999,https://securityvulnerability.io/vulnerability/CVE-2020-3999,"Denial of Service Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, Fusion, and Cloud Foundation are susceptible to a denial of service vulnerability stemming from inadequate input validation in GuestInfo. This flaw enables a malicious user with standard privileges to compromise a virtual machine, resulting in the crashing of the vmx process. Consequently, this leads to a denial of service condition, impacting the availability of virtualized resources.",Vmware,"Vmware Esxi, Vmware Workstation,vmware Fusion And Vmware Cloud Foundation",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-12-21T15:14:08.000Z,0