Vulnerabilities > Vmware > Esxi

DATE CVE VULNERABILITY TITLE RISK
2022-02-16 CVE-2021-22040 Use After Free vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
local
low complexity
vmware CWE-416
4.6
4.6
2022-02-16 CVE-2021-22041 Unspecified vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller.
local
low complexity
vmware
4.6
4.6
2022-02-16 CVE-2021-22042 Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets.
local
low complexity
vmware CWE-863
4.6
4.6
2022-02-16 CVE-2021-22043 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi and Fusion
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled.
network
vmware CWE-367
6.0
6.0
2022-02-16 CVE-2021-22050 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Cloud Foundation and Esxi
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy.
network
low complexity
vmware CWE-770
5.0
5.0
2022-01-04 CVE-2021-22045 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation.
local
vmware CWE-787
6.9
6.9
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
vmware CWE-287
6.8
6.8
2021-07-13 CVE-2021-21995 Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue.
network
low complexity
vmware CWE-125
5.0
5.0
2021-02-24 CVE-2021-21974 Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability.
low complexity
vmware CWE-787
5.8
5.8
2020-12-21 CVE-2020-3999 NULL Pointer Dereference vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo.
local
low complexity
vmware CWE-476
2.1
2.1