# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-22978 |
863 |
|
Bypass |
2022-05-19 |
2023-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass |
2 |
CVE-2022-22973 |
269 |
|
|
2022-05-20 |
2022-05-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
3 |
CVE-2022-22972 |
287 |
|
Bypass |
2022-05-20 |
2022-05-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. |
4 |
CVE-2022-22965 |
94 |
|
Exec Code |
2022-04-01 |
2022-07-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. |
5 |
CVE-2022-22963 |
94 |
|
Exec Code |
2022-04-01 |
2022-07-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. |
6 |
CVE-2022-22945 |
78 |
|
Exec Code |
2022-02-16 |
2022-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. |
7 |
CVE-2022-22943 |
427 |
|
Exec Code |
2022-03-03 |
2022-03-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. |
8 |
CVE-2021-26987 |
|
|
Exec Code |
2021-03-15 |
2022-04-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. |
9 |
CVE-2021-22049 |
918 |
|
|
2021-11-24 |
2021-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. |
10 |
CVE-2021-22015 |
552 |
|
|
2021-09-23 |
2023-02-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. |
11 |
CVE-2021-22005 |
434 |
|
Exec Code |
2021-09-23 |
2021-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. |
12 |
CVE-2021-22002 |
287 |
|
|
2021-08-31 |
2021-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. |
13 |
CVE-2021-21999 |
427 |
|
Exec Code |
2021-06-23 |
2022-07-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. |
14 |
CVE-2021-21998 |
287 |
|
Bypass |
2021-06-23 |
2021-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. |
15 |
CVE-2021-21984 |
77 |
|
Exec Code |
2021-05-07 |
2021-05-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance. |
16 |
CVE-2021-21978 |
434 |
|
Exec Code |
2021-03-03 |
2021-03-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. |
17 |
CVE-2020-11651 |
|
|
|
2020-04-30 |
2022-07-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. |
18 |
CVE-2020-5413 |
502 |
|
Exec Code |
2020-07-31 |
2022-05-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code. |
19 |
CVE-2020-5398 |
494 |
|
|
2020-01-17 |
2022-07-25 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. |
20 |
CVE-2020-4005 |
269 |
|
|
2020-11-20 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) |
21 |
CVE-2020-4001 |
798 |
|
|
2020-11-24 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. |
22 |
CVE-2020-3947 |
416 |
|
Exec Code |
2020-03-16 |
2020-03-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. |
23 |
CVE-2019-11272 |
522 |
|
|
2019-06-26 |
2021-06-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". |
24 |
CVE-2019-5544 |
787 |
|
|
2019-12-06 |
2022-02-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. |
25 |
CVE-2019-5527 |
416 |
|
|
2019-10-10 |
2022-06-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. |
26 |
CVE-2019-5523 |
384 |
|
|
2019-04-01 |
2019-04-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session. |
27 |
CVE-2019-5519 |
367 |
|
Exec Code |
2019-04-01 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. |
28 |
CVE-2019-5518 |
125 |
|
Exec Code |
2019-04-01 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. |
29 |
CVE-2019-3772 |
611 |
|
|
2019-01-18 |
2020-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. |
30 |
CVE-2018-11077 |
78 |
|
Exec Code |
2018-11-26 |
2018-12-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. |
31 |
CVE-2018-6983 |
190 |
|
Exec Code Overflow |
2018-11-27 |
2018-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. |
32 |
CVE-2018-6981 |
908 |
|
Exec Code |
2018-12-04 |
2022-02-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. |
33 |
CVE-2018-6978 |
732 |
|
|
2018-12-18 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. |
34 |
CVE-2018-6974 |
125 |
|
Exec Code |
2018-10-16 |
2022-06-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. |
35 |
CVE-2018-6973 |
787 |
|
Exec Code |
2018-08-15 |
2018-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. |
36 |
CVE-2018-6968 |
|
|
Exec Code |
2018-06-11 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator. |
37 |
CVE-2018-6962 |
|
|
Bypass |
2018-05-22 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. |
38 |
CVE-2018-6959 |
384 |
|
|
2018-04-13 |
2018-05-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. |
39 |
CVE-2018-1275 |
94 |
|
Exec Code |
2018-04-11 |
2022-06-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. |
40 |
CVE-2018-1270 |
94 |
|
Exec Code |
2018-04-06 |
2022-06-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. |
41 |
CVE-2017-8046 |
20 |
|
|
2018-01-04 |
2022-04-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. |
42 |
CVE-2017-4946 |
863 |
|
|
2018-01-05 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM. |
43 |
CVE-2017-4943 |
787 |
|
+Priv |
2017-12-20 |
2021-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. |
44 |
CVE-2017-4934 |
119 |
|
Exec Code Overflow |
2017-11-17 |
2017-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. |
45 |
CVE-2017-4924 |
787 |
|
Exec Code |
2017-09-15 |
2022-02-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. |
46 |
CVE-2017-4920 |
400 |
|
|
2017-12-05 |
2017-12-22 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. |
47 |
CVE-2017-4914 |
502 |
|
Exec Code |
2017-06-07 |
2017-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |
48 |
CVE-2017-4907 |
119 |
|
Exec Code Overflow |
2017-06-08 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. |
49 |
CVE-2017-4904 |
119 |
|
DoS Exec Code Overflow |
2017-06-07 |
2022-02-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. |
50 |
CVE-2017-4903 |
119 |
|
Exec Code Overflow |
2017-06-07 |
2022-02-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. |