Every CVE whose affected-product data names Vmware Esx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (86)
CVE-2007-0063 — CVSS 10.0 (critical): Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before…
CVE-2013-1405 — CVSS 10.0 (critical): VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b…
CVE-2007-0061 — CVSS 10.0 (critical): The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and…
CVE-2012-1516 — CVSS 9.9 (critical): The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users…
CVE-2013-3658 — CVSS 9.4 (critical): Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS…
CVE-2012-3288 — CVSS 9.3 (critical): VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before…
CVE-2008-4281 — CVSS 9.3 (critical): Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows…
CVE-2012-1517 — CVSS 9.0 (critical): The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of…
CVE-2012-2450 — CVSS 9.0 (critical): VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and…
CVE-2012-2449 — CVSS 9.0 (critical): VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and…
CVE-2008-2097 — CVSS 9.0 (critical): Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via…
CVE-2010-1141 — CVSS 8.5 (high): VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before…
CVE-2010-1142 — CVSS 8.5 (high): VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before…
CVE-2012-1518 — CVSS 8.3 (high): VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and…
CVE-2012-1515 — CVSS 8.3 (high): VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to…
CVE-2010-2943 — CVSS 8.1 (high): The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which…
CVE-2010-4263 — CVSS 7.9 (high): The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before…
CVE-2013-3519 — CVSS 7.9 (high): lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0…
CVE-2010-2524 — CVSS 7.8 (high): The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled…
CVE-2010-2492 — CVSS 7.8 (high): Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might…
CVE-2012-3289 — CVSS 7.8 (high): VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow…
CVE-2009-0034 — CVSS 7.8 (high): parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization…
CVE-2011-1785 — CVSS 7.8 (high): VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network…
CVE-2011-0355 — CVSS 7.8 (high): Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does…
CVE-2010-3081 — CVSS 7.8 (high): The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not…
CVE-2010-2798 — CVSS 7.8 (high): The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations…
CVE-2005-3618 — CVSS 7.6 (high): Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before…
CVE-2012-2448 — CVSS 7.5 (high): VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2010-4251 — CVSS 7.5 (high): The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets…
CVE-2013-3657 — CVSS 7.5 (high): Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2007-5360 — CVSS 7.5 (high): Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in…
CVE-2003-1291 — CVSS 7.2 (high): VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server…
CVE-2008-2100 — CVSS 7.2 (high): Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware…
CVE-2008-4917 — CVSS 7.2 (high): Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and…
CVE-2009-3080 — CVSS 7.2 (high): Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause…
CVE-2010-4297 — CVSS 7.2 (high): The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware…
CVE-2012-1508 — CVSS 7.2 (high): The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to…
CVE-2012-1510 — CVSS 7.2 (high): Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows…
CVE-2013-1406 — CVSS 7.2 (high): The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1…
CVE-2013-5970 — CVSS 7.1 (high): hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service…
CVE-2010-4526 — CVSS 7.1 (high): Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote…
CVE-2009-0778 — CVSS 7.1 (high): The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not…
CVE-2009-3547 — CVSS 7.0 (high): Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer…
CVE-2011-1787 — CVSS 6.9 (medium): Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x…
CVE-2012-1666 — CVSS 6.9 (medium): Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before…
CVE-2009-2267 — CVSS 6.9 (medium): VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build…
CVE-2008-4915 — CVSS 6.9 (medium): The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through…
CVE-2008-0967 — CVSS 6.9 (medium): Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057…
CVE-2009-1244 — CVSS 6.8 (medium): Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier…
CVE-2008-4279 — CVSS 6.8 (medium): The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8…
CVE-2005-3619 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2…
CVE-2007-1271 — CVSS 6.6 (medium): Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application…
CVE-2008-3281 — CVSS 6.5 (medium): libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent…
CVE-2009-2416 — CVSS 6.5 (medium): Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent…
CVE-2011-2145 — CVSS 6.3 (medium): mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware…
CVE-2009-2848 — CVSS 5.9 (medium): The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer…
CVE-2010-4343 — CVSS 5.5 (medium): drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users…
CVE-2010-2942 — CVSS 5.5 (medium): The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain…
CVE-2010-3078 — CVSS 5.5 (medium): The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain…
CVE-2010-4655 — CVSS 5.5 (medium): net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain…
CVE-2009-3621 — CVSS 5.5 (medium): net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an…
CVE-2010-2066 — CVSS 5.5 (medium): The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only…
CVE-2006-2481 — CVSS 5.0 (medium): VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the…
CVE-2009-3733 — CVSS 5.0 (medium): Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi…
CVE-2007-1270 — CVSS 5.0 (medium): Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive…
CVE-2012-5703 — CVSS 5.0 (medium): The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid…
CVE-2011-1789 — CVSS 5.0 (medium): The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware…
CVE-2011-1786 — CVSS 5.0 (medium): lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed…
CVE-2010-3609 — CVSS 5.0 (medium): The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol…
CVE-2005-4773 — CVSS 4.9 (medium): The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1)…
CVE-2009-1072 — CVSS 4.9 (medium): nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows…
CVE-2008-4914 — CVSS 4.7 (medium): Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local…
CVE-2009-1630 — CVSS 4.4 (medium): The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is…
CVE-2007-5671 — CVSS 4.4 (medium): HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE…
CVE-2013-5973 — CVSS 4.4 (medium): VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power…
CVE-2014-1207 — CVSS 4.3 (medium): VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by…
CVE-2005-4583 — CVSS 4.3 (medium): Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code…
CVE-2013-1661 — CVSS 4.3 (medium): VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows…
CVE-2009-1805 — CVSS 4.0 (medium): Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and…
CVE-2006-3589 — CVSS 3.6 (low): vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call…
CVE-2014-1208 — CVSS 3.3 (low): VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and…
CVE-2011-2146 — CVSS 2.1 (low): mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware…
CVE-2005-3620 — CVSS 2.1 (low): The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records…
CVE-2008-2101 — CVSS 2.1 (low): The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command…