Esxi

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-25	CVE-2024-37085	Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. network low complexity vmware CWE-287	7.2
2023-04-25	CVE-2023-29552	The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. network low complexity netapp suse vmware service-location-protocol-project	7.5
2022-12-14	CVE-2022-31705	Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). local low complexity vmware CWE-787	8.2
2022-12-13	CVE-2022-31696	Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7 VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. local low complexity vmware CWE-787	8.8
2022-12-13	CVE-2022-31699	Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7 VMware ESXi contains a heap-overflow vulnerability. local low complexity vmware CWE-787	3.3
2022-10-07	CVE-2022-31681	NULL Pointer Dereference vulnerability in VMWare Esxi VMware ESXi contains a null-pointer deference vulnerability. local low complexity vmware CWE-476	6.5
2022-07-14	CVE-2022-23825	Exposure of Resource to Wrong Sphere vulnerability in multiple products Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. local low complexity debian fedoraproject amd vmware CWE-668	6.5
2022-07-12	CVE-2022-29901	Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. local low complexity intel xen fedoraproject vmware debian CWE-668	6.5
2022-06-15	CVE-2022-21166	Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity xen fedoraproject intel vmware debian CWE-459	5.5
2022-06-15	CVE-2022-21123	Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity xen fedoraproject intel vmware debian CWE-459	5.5