High
Vmware ESXi is vulnerable to a denial of service, caused by a slow HTTP POST denial-of-service vulnerability in rhttpproxy. By overwhelming rhttpproxy service with multiple requests, an attacker could exploit this vulnerability to cause a denial of service.
VMware ESXi could allow a local authenticated attacker to gain elevated privileges on the system, caused by a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. By writing arbitrary files, an attacker could exploit this vulnerability to escalate their privileges.
Vmware ESXi could allow a local authenticated attacker to gain access to the system, caused by VMX having access to settingsd authorization tickets. An attacker could exploit this vulnerability to access settingsd service running as a high privileged user.
Vmware ESXi, Workstation and Fusion could allow a local attacker to execute arbitrary code on the system, caused by a double-fetch vulnerability in the UHCI USB controller. An attacker could exploit this vulnerability to execute code as the virtual machine’s VMX process running on the host.
VMware
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.