548 matches found
VMware Tools update addresses an out-of-bounds read vulnerability
VMware Tools for Windows VMware Tools Shared Folders out-of-bounds read vulnerability VMware Tools for Windows contains an out-of-bounds read vulnerability in the Shared Folders feature. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate...
VMware product updates address information disclosure issue.
a. vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity XXE requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed...
VMware product updates address critical information disclosure issue in JRE.
a. Oracle JRE Update Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE. VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Jav...
VMSA-2015-0002:VMware vSphere Data Protection product update addresses a certificate validation vulnerability.
VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0002 VMware Security Advisory Synopsis: VMware vSphere Data Protection product update addresses a certificate...
VMware ESXi update to third party library
a. ESXi update to third party component libxml2 The libxml2 third party library has been updated which addresses multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2010-4008, CVE-2011-0216,CVE-2011-1944, CVE-2011-2834,...
VMSA-2010-0003.1 ESX Service Console update for net-snmp
a. Service Console package net-snmp updatedThis patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by- zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted...
VMSA-2025-0016: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)
Advisory ID: | VMSA-2025-0016 ---|--- Advisory Severity: | Important CVSSv3 Range: | 7.5-8.5 Synopsis: | VMware vCenter and NSX updates address multiple vulnerabilities CVE-2025-41250, CVE-2025-41251, CVE-2025-41252 Issue date: | 2025-09-29 Updated on: | 2025-09-29 Initial Advisory CVEs |...
VMware Workspace ONE UEM console patches address a cross-site scripting vulnerability (CVE-2021-21990)
3. Cross Site Scripting XSS vulnerability in VMware Workspace ONE UEM console CVE-2021-21990 VMware Workspace ONE UEM console does not validate an incoming request during device enrollment.VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base...
ESXi patches address partial denial of service vulnerability in hostd process (CVE-2019-5528)
3. Partial denial of service vulnerability in ESXi hostd process CVE-2019-5528 A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive...
VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities
a. Heap buffer-overflow vulnerability in VMNAT device VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware would like to thank Jun Mao of Tencent PC Manager working with Trend Micro's Zero Day...
VMSA-2016-0009:VMware vCenter Server updates address an HIGH reflected cross-site scripting issue
VMSA-2016-0009 VMware vCenter Server updates address an important reflected cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0009 VMware Security Advisory Synopsis: VMware vCenter Server updates address an important reflected cross-site scripting...
VMware ESX patch address security issues
a. Service Console update for sudoThe service console package sudo is updated to version 1.7.2p1-14.el58.3The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issue addressed in this update. Column 4 of the following table lis...
VMware security updates for vCSA, vCenter Server, and ESXi
a. vCenter Server Appliance directory traversal The vCenter Server Appliance vCSA contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like ...
VMware hosted products and ESXi/ESX patches address privilege escalation
a. VMware Tools Incorrect Folder Permissions Privilege EscalationThe access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.VMware would like to thank Tavis Ormandy for reporting...
ESX Service Console update for krb5
a. Service Console package krb5 updateKerberos is a network authentication protocol. It is designed toprovide strong authentication for client/server applications byusing secret-key cryptography.An input validation flaw in the asn1decodegeneraltime function inMIT Kerberos 5 before 1.6.4 allows...
VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886)
3. Advisory Details VMware Workspace ONE UEM console contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8...
VMware Tanzu Application Service for VMs and Isolation Segment updates address information disclosure vulnerability (CVE-2023-20891)
3. VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability CVE-2023-20891 The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform...
VMware Workspace ONE Assist update addresses multiple vulnerabilities.
3a. Authentication Bypass vulnerability CVE-2022-31685 VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. Broken Authentication Method...
VMware Horizon Client update addresses a denial-of-service vulnerability (CVE-2020-3991)
3. File system access control denial-of-service vulnerability CVE-2020-3991 VMware Horizon Client for Windows contains a denial-of-service vulnerability due to a file system access control issue during install time. VMware has evaluated the severity of this issue to be in the Moderate severity...
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)
3a. PATH configuration privilege escalation vulnerability CVE-2020-3980 VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3...
VMware ESXi, Workstation and Fusion updates address multiple security issues.
a. VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use TOCTOU vulnerability in the virtual USB 1.1 UHCI Universal Host Controller Interfac...
VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
New speculative-execution control mechanism for Virtual Machines Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System Guest OS can remediate the Branch Target...
VMware vSphere updates address multiple vulnerabilities
a. VMware ESXi and ESX contain a vulnerability in hostd-vmdb. To exploit this vulnerability, an attacker must intercept and modify the management traffic. Exploitation of the issue may lead to a Denial of Service of the hostd-vmdb service. To reduce the likelihood of exploitation, vSphere...
VMSA-2026-0002: VMware Workstation and Fusion updates address multiple vulnerabilities (CVE-2026-22715, CVE-2026-22716, CVE-2026-22717, CVE-2026-22722)
Advisory ID: | VMSA-2026-0002 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 2.7 - 6.1 Synopsis: | VMware Workstation and Fusion updates address multiple vulnerabilities CVE-2026-22715, CVE-2026-22716, CVE-2026-22717, CVE-2026-22722 Issue date: | 2026-02-26 Updated on: | 2026-02-26 Initial...
VMSA-2026-0001: VMware Aria Operations updates address multiple vulnerabilities (CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721)
Advisory ID: | VMSA-2026-0001.1 ---|--- Advisory Severity: | Important CVSSv3 Range: | 6.2 - 8.1 Synopsis: | VMware Aria Operations updates address multiple vulnerabilities CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721 Issue date: | 2026-02-24 Updated on: | 2026-03-03 Updated Advisory CVEs |...
VMSA-2024-0003:Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)
Advisory ID: | VMSA-2024-0003 ---|--- CVSSv3 Range: | 9.6 - 7.8 Issue Date: | 2024-02-20 Updated On: | 2024-02-20 Initial Advisory CVEs: | CVE-2024-22245, CVE-2024-22250 Synopsis: | Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced...
VMware Tanzu Application Service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)
3a. VMware Tanzu Application service for VMs updates address a denial-of-service vulnerability CVE-2021-22101 VMware Tanzu Application Service for VMs uses Cloud Controller CAPI from Cloud Foundry which is vulnerable to an unauthenticated denial-of-serviceDoS vulnerability. VMware has evaluated...
VMSA-2020-0018:VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability
Advisory ID: VMSA-2020-0018 CVSSv3 Range: 5.3 Issue Date:2020-08-20 Updated On: 2020-08-20 Initial Advisory CVEs: CVE-2020-3976 Synopsis: VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability CVE-2020-3976 RSS Feed Download PDF Download Text...
VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)
3a. Advisory Details The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5...
VMSA-2020-0012:VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability
Advisory ID: VMSA-2020-0012 CVSSv3 Range: 7.1 Issue Date:2020-06-09 Updated On: 2020-06-09 Initial Advisory CVEs: CVE-2020-3960 Synopsis: VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability CVE-2020-3960 RSS Feed Download PDF Download Text File Share this page on...
ESX Service Console updates for openssl, bind, and vim
a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVPVerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signatur...
Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
a. Updated pcre Service Console package addresses several security issuesThe pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an...
VMSA-2026-0003: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
Advisory ID: | VMSA-2026-0003 ---|--- Advisory Severity: | Important CVSSv3 Range: | 7.8 Synopsis: | VMware Fusion updates address privilege escalation vulnerability CVE-2026-41702 Issue date: | 2026-05-14 Updated on: | 2026-05-14 Initial Advisory CVEs | CVE-2026-41702 1. Impacted Products VMware...
VMSA-2024-0005:VMware Workstation and Fusion updates address an out-of-bounds read vulnerability (CVE-2024-22251)
Advisory ID: | VMSA-2024-0005 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 5.9 Synopsis: | VMware Workstation and Fusion updates address an out-of-bounds read vulnerability CVE-2024-22251 Issue date: | 2024-02-27 Updated on: | 2024-02-27 Initial Advisory CVEs | CVE-2024-22251 1. Impacted...
VMware vCenter Server updates address an information disclosure vulnerability (CVE-2022-22948)
3. vCenter Server information disclosure vulnerability CVE-2022-22948 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of...
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
3. VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability CVE-2021-22045 The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a...
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
3. VMware vCenter Server IWA privilege escalation vulnerability CVE-2021-22048 The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity...
VMSA-2020-0017:VMware Fusion, VMware Remote Console and Horizon Client updates address a privilege escalation vulnerability
Advisory ID: VMSA-2020-0017 CVSSv3 Range: 7.8 Issue Date:2020-07-09 Updated On: 2020-07-09 Initial Advisory CVEs: CVE-2020-3974 Synopsis: VMware Fusion, VMware Remote Console and Horizon Client updates address a privilege escalation vulnerability CVE-2020-3974 RSS Feed Download PDF Download Text...
VMSA-2020-0014:VMware Tools for macOS update addresses a denial-of-service vulnerability
Advisory ID: VMSA-2020-0014 CVSSv3 Range: 3.3 Issue Date:2020-06-18 Updated On: 2020-06-18 Initial Advisory CVEs: CVE-2020-3972 Synopsis: VMware Tools for macOS update addresses a denial-of-service vulnerability CVE-2020-3972 RSS Feed Download PDF Download Text File Share this page on social medi...
VMware Horizon Client for Windows update addresses privilege escalation vulnerability (CVE-2020-3961)
3. VMware Horizon Client for Windows privilege escalation vulnerability VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware has evaluated the severity of this issue to be in the Important...
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities
a. Out-of-bounds write vulnerability in SVGA VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware would like to thank Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG...
vRealize Operations (vROps) updates address privilege escalation vulnerability
vROps privilege escalation issue vROps contains a privilege escalation vulnerability. Exploitation of this issue may allow a vROps user who has been assigned a low-privileged role to gain full access over the application. In addition it may be possible to stop and delete Virtual Machines managed ...
VMSA-2013-0008:VMware vCenter Chargeback Manager Remote Code Execution
VMSA-2013-0008 VMware vCenter Chargeback Manager Remote Code Execution VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0008 VMware Security Advisory Synopsis: VMware vCenter Chargeback Manager Remote Code Execution VMware Security Advisory Issue date: 2013-06-11 VMware...
Updated ESX packages for libxml2, ucd-snmp, libtiff
a. Updated ESX Service Console package libxml2A denial of service flaw was found in the way libxml2 processescertain content. If an application that is linked againstlibxml2 processes malformed XML content, the XML content mightcause the application to stop responding.The Common Vulnerabilities a...
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
ESX patches and updates for VirtualCenter fix the followingapplication vulnerabilities...
Updated e2fsprogs service console package
Updated e2fsprogs package address multiple integer overflow flaws Thanks to Rafal Wojtczuk of McAfee Avert Research for identifying and reporting this issue. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2007-5497 to this issue...
VMSA-2024-0020:VMware NSX updates address multiple vulnerabilities (CVE-2024-38818, CVE-2024-38817, CVE-2024-38815)
Advisory ID: | VMSA-2024-0020 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 4.3-6.7 Synopsis: | VMware NSX updates address multiple vulnerabilities CVE-2024-38818, CVE-2024-38817, CVE-2024-38815 Issue date: | 2024-10-09 Updated on: | 2024-10-09 Initial Advisory CVEs | CVE-2024-38818,...
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
3a. VMware vCenter Server Out-of-Bounds Write Vulnerability CVE-2023-34048 vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base sco...
VMSA-2009-0017:VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues
VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2009-0017 VMware Security Advisory Synopsis: VMware vCenter, ESX patch and vCenter Lab Manager releases address...
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
3. VMware vCenter Server IWA privilege escalation vulnerability CVE-2021-22048 The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity...