Vulnerabilities > Vmware > Esxi

DATE CVE VULNERABILITY TITLE RISK
2020-06-24 CVE-2020-3962 Use After Free vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device.
local
low complexity
vmware CWE-416
8.2
8.2
2020-06-24 CVE-2020-3969 Off-by-one Error vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device.
local
high complexity
vmware CWE-193
7.8
7.8
2020-05-29 CVE-2020-3959 Memory Leak vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module.
local
low complexity
vmware CWE-401
3.3
3.3
2020-05-29 CVE-2020-3958 Reachable Assertion vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality.
local
low complexity
vmware CWE-617
5.5
5.5
2020-04-29 CVE-2020-3955 Cross-site Scripting vulnerability in VMWare Esxi 6.5/6.7
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes.
network
low complexity
vmware CWE-79
critical
 9.3
9.3
2019-12-06 CVE-2019-5544 Out-of-bounds Write vulnerability in multiple products
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue.
network
low complexity
vmware redhat openslp fedoraproject CWE-787
critical
 9.8
9.8
2019-10-28 CVE-2019-5536 Unspecified vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality.
network
low complexity
vmware
6.5
6.5
2019-10-10 CVE-2019-5527 Use After Free vulnerability in VMWare products
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device.
local
low complexity
vmware CWE-416
8.8
8.8
2019-09-20 CVE-2019-5521 Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality.
network
low complexity
vmware CWE-125
critical
 9.6
9.6
2019-09-18 CVE-2019-5531 Insufficient Session Expiration vulnerability in VMWare Esxi, Vcenter Server and Vsphere Esxi
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration.
network
low complexity
vmware CWE-613
5.4
5.4