7.0 Update 2 * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2022-29901	668	Exec Code Bypass	2022-07-12	2022-08-03	1.9	None	Local	Medium	Not required	Partial	None	None
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
2	CVE-2022-23825	668		2022-07-14	2022-08-03	2.1	None	Local	Low	Not required	Partial	None	None
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
3	CVE-2022-21166	459		2022-06-15	2022-08-03	2.1	None	Local	Low	Not required	Partial	None	None
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
4	CVE-2022-21125	459		2022-06-15	2022-08-03	2.1	None	Local	Low	Not required	Partial	None	None
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5	CVE-2022-21123	459		2022-06-15	2022-08-03	2.1	None	Local	Low	Not required	Partial	None	None
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
6	CVE-2021-22045	787	Exec Code Overflow	2022-01-04	2022-01-27	6.9	None	Local	Medium	Not required	Complete	Complete	Complete
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
7	CVE-2021-22043	367		2022-02-16	2022-02-24	6.0	None	Remote	Medium	???	Partial	Partial	Partial
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.
8	CVE-2021-22042	863		2022-02-16	2022-02-25	4.6	None	Local	Low	Not required	Partial	Partial	Partial
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
9	CVE-2021-22041		Exec Code	2022-02-16	2022-02-24	4.6	None	Local	Low	Not required	Partial	Partial	Partial
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
10	CVE-2021-22040	416	Exec Code	2022-02-16	2022-02-24	4.6	None	Local	Low	Not required	Partial	Partial	Partial
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Total number of vulnerabilities : 10 Page : 1 (This Page)