Vulnerabilities > Vmware > Esxi > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-25 | CVE-2024-37085 | Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | 7.2 |
| 2023-04-25 | CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. | 7.5 |
| 2022-12-14 | CVE-2022-31705 | Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). | 8.2 |
| 2022-12-13 | CVE-2022-31696 | Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7 VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. | 8.8 |
| 2022-02-16 | CVE-2021-22042 | Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. | 7.8 |
| 2022-02-16 | CVE-2021-22043 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi and Fusion VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. | 7.5 |
| 2022-02-16 | CVE-2021-22050 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7 ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. | 7.5 |
| 2022-01-04 | CVE-2021-22045 | Out-of-bounds Write vulnerability in VMWare products VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. | 7.8 |
| 2021-07-13 | CVE-2021-21995 | Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. | 7.5 |
| 2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 8.8 |