) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-31705 |
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. Published: December 14, 2022; 2:15:13 PM -0500 |
V3.1: 8.2 HIGH V2.0:(not available) |
| CVE-2022-31699 |
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. Published: December 13, 2022; 11:15:19 AM -0500 |
V3.1: 3.3 LOW V2.0:(not available) |
| CVE-2022-31696 |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. Published: December 13, 2022; 11:15:19 AM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-31681 |
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. Published: October 07, 2022; 5:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2022-23825 |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Published: July 14, 2022; 4:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2022-29901 |
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Published: July 12, 2022; 3:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 1.9 LOW |
| CVE-2022-21166 |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Published: June 15, 2022; 5:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2022-21125 |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Published: June 15, 2022; 4:15:17 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2022-21123 |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Published: June 15, 2022; 4:15:17 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |