The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ESXi

vulnerability CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

Description of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-5514 CVE-2019-5515 CVE-2019-5518

VMware ESXi/Workstation: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 29/03/2019.
Revision date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-136, CVE-2019-5514, CVE-2019-5515, CVE-2019-5518, CVE-2019-5519, CVE-2019-5524, VIGILANCE-VUL-28896, VMSA-2019-0005, ZDI-19-420, ZDI-19-421, ZDI-19-516.

Description of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-5516 CVE-2019-5517 CVE-2019-5520

VMware ESXi/Workstation: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/04/2019.
Revision date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-167, CVE-2019-5516, CVE-2019-5517, CVE-2019-5520, VIGILANCE-VUL-29032, VMSA-2019-0006, ZDI-19-369.

Description of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-6981 CVE-2018-6982

VMware ESXi/Workstation: information disclosure via vmxnet3

Synthesis of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via vmxnet3 of VMware ESXi/Workstation, in order to obtain sensitive information on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-542, CVE-2018-6981, CVE-2018-6982, VIGILANCE-VUL-27750, VMSA-2018-0027.

Description of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via vmxnet3 of VMware ESXi/Workstation, in order to obtain sensitive information on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-6974

VMware ESXi, Workstation: privilege escalation via SVGA Device

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via SVGA Device of VMware ESXi, Workstation, in order to escalate his privileges on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/10/2018.
Identifiers: CERTFR-2018-AVI-493, CVE-2018-6974, VIGILANCE-VUL-27545, VMSA-2018-0026.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via SVGA Device of VMware ESXi, Workstation, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-6977

VMware ESXi/Workstation: infinite loop via 3D-rendering Shader

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via 3D-rendering Shader of VMware ESXi/Workstation, in order to trigger a denial of service on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 10/10/2018.
Identifiers: CVE-2018-6977, TALOS-2018-0589, VIGILANCE-VUL-27453.

Description of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via 3D-rendering Shader of VMware ESXi/Workstation, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-3646

Intel processors: information disclosure via Foreshadow L1TF Virtualization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via L1TF Virtualization on Intel processors, in order to obtain sensitive information.
Impacted products: SNS, Mac OS X, Arkoon FAST360, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, Avamar, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, HP ProLiant, QRadar SIEM, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Oracle Communications, Solaris, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 16/08/2018.
Identifiers: 525211, 528031, ADV180018, CERTFR-2018-AVI-385, CERTFR-2018-AVI-386, CERTFR-2018-AVI-387, CERTFR-2018-AVI-388, CERTFR-2018-AVI-390, CERTFR-2018-AVI-391, CERTFR-2018-AVI-392, CERTFR-2018-AVI-416, CERTFR-2018-AVI-419, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2018-AVI-584, CERTFR-2019-AVI-169, CERTFR-2019-AVI-242, cisco-sa-20180814-cpusidechannel, cpuapr2019, cpujan2019, CTX236548, CVE-2018-3646, DLA-1481-1, DLA-1506-1, DSA-2018-170, DSA-2018-217, DSA-2019-030, DSA-4274-1, DSA-4279-1, DSA-4279-2, FEDORA-2018-1c80fea1cd, FEDORA-2018-f8cba144ae, FG-IR-18-002, Foreshadow, FreeBSD-SA-18:09.l1tf, HPESBHF03874, HT209139, HT209193, ibm10742755, INTEL-SA-00161, JSA10937, K31300402, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2018:2434-1, openSUSE-SU-2018:2436-1, openSUSE-SU-2018:4304-1, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2388-01, RHSA-2018:2389-01, RHSA-2018:2390-01, RHSA-2018:2391-01, RHSA-2018:2392-01, RHSA-2018:2393-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2602-01, RHSA-2018:2603-01, SSA-254686, STORM-2018-005, SUSE-SU-2018:2328-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2394-1, SUSE-SU-2018:2401-1, SUSE-SU-2018:2409-1, SUSE-SU-2018:2410-1, SUSE-SU-2018:2480-1, SUSE-SU-2018:2482-1, SUSE-SU-2018:2483-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2637-1, SUSE-SU-2018:3490-1, SUSE-SU-2018:4300-1, Synology-SA-18:45, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3756-1, USN-3823-1, VIGILANCE-VUL-26999, VMSA-2018-0020, VU#982149, XSA-273, XSA-289.

Description of the vulnerability

An attacker can bypass access restrictions to data via L1TF Virtualization on Intel processors, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-6972

VMware ESXi/Workstation: NULL pointer dereference via RPC Handler

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via RPC Handler of VMware ESXi/Workstation, in order to trigger a denial of service.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 20/07/2018.
Identifiers: CVE-2018-6972, VIGILANCE-VUL-26811, VMSA-2018-0018.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via RPC Handler of VMware ESXi/Workstation, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-6969

VMware Tools: out-of-bounds memory reading via HGFS

Synthesis of the vulnerability

An attacker can force a read at an invalid address via HGFS of VMware Tools, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/07/2018.
Identifiers: CVE-2018-6969, VIGILANCE-VUL-26734, VMSA-2018-0017.

Description of the vulnerability

An attacker can force a read at an invalid address via HGFS of VMware Tools, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-6965 CVE-2018-6966 CVE-2018-6967

VMware ESXi, Workstation: out-of-bounds memory reading via Shader Translator

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Shader Translator of VMware ESXi/Workstation, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/06/2018.
Identifiers: CERTFR-2018-AVI-317, CVE-2018-6965, CVE-2018-6966, CVE-2018-6967, TALOS-2018-0540, VIGILANCE-VUL-26582, VMSA-2018-0016.

Description of the vulnerability

An attacker can force a read at an invalid address via Shader Translator of VMware ESXi/Workstation, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about ESXi: