548 matches found
VMware View Server directory traversal
a. VMware View Server directory traversalVMware View contains a critical directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the...
VMSA-2012-0014:VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0014 VMware Security Advisory Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates VMware Security...
VMSA-2012-0002:VMware vCenter Chargeback Manager Information Leak and Denial of Service
VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0002 VMware Security Advisory Synopsis: VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Advisor...
VMware ESX third party updates for Service Console packages glibc and dhcp
a. Service Console update for DHCPThe DHCP client daemon, dhclient, does not properly sanatize certain options in DHCP server replies. An attacker could send a specially crafted DHCP server reply, that is saved on the client system and evaluated by a process that assumes the option is trusted. Th...
VMware vCenter Update Manager fix for Jetty Web server addresses important security vulnerabilities
a. VMware vCenter Update Manager Jetty Web server vulnerabilities VMware vCenter Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server which is a third party component. The default version of the...
ESX Service Console updates for samba and acpid
a. Service Console update for samba to 3.0.33-3.15.el54.1This update changes the samba packages to samba-client-3.0.33-3.15.el54.1 and samba-common-3.0.33-3.15.el54.1. These versions include fixes for security issues that were first fixed in samba-client-3.0.33-0.18.el48 and...
VMware Workspace ONE Content update addresses a passcode bypass vulnerability (CVE-2023-20857)
3. Passcode bypass vulnerability CVE-2023-20857 VMware Workspace ONE Content contains a passcode bypass vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3...
VMSA-2022-0026:VMware vRealize Operations patches address an arbitrary file read vulnerability
Advisory ID: VMSA-2022-0026 CVSSv3 Range: 4.9 Issue Date:2022-10-11 Updated On: 2022-10-11 Initial Advisory CVEs: CVE-2022-31682 Synopsis: VMware vRealize Operations patches address an arbitrary file read vulnerability CVE-2022-31682. RSS Feed Download PDF Download Text File Share this page on...
VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
3a. vCenter Server updates address arbitrary file read vulnerability in the vSphere Web Client CVE-2021-21980 The vSphere Web Client FLEX/Flash contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a...
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. Successful exploitation of this issue may allow a malicious container to overwrite the contents of a host's runc binary and execute arbitrary code. Exploitation of this vulnerability requires the...
VMSA-2011-0011:Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled
VMSA-2011-0011 VMware hosted products address remote code execution vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0011 VMware Security Advisory Synopsis: VMware hosted products address remote code execution vulnerability VMware Security Advisory Issue date...
VMware Cloud Foundation updates address multiple vulnerabilities.
3a. VMware Cloud Foundation update addresses a remote code execution vulnerability via XStream CVE-2021-39144 VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity rang...
VMSA-2022-0014:VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities
Advisory ID: VMSA-2022-0014.1 CVSSv3 Range: 7.8-9.8 Issue Date:2022-05-18 Updated On: 2022-05-27 CVEs: CVE-2022-22972, CVE-2022-22973 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities. RSS Feed Download PDF Download Text File...
VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998)
3. VMware Carbon Black App Control updates address authentication bypass CVE-2021-21998 The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.4...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
VMSA-2018-0031:vRealize Operations updates address a local privilege escalation vulnerability
VMSA-2018-0031 vRealize Operations updates address a local privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0031 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: vRealize Operations updates address a local...
vSphere Data Protection (VDP) update addresses SSH key-based authentication issue
VDP SSH key-based authentication issue VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges. VMware would like to thank Marc...
VMSA-2013-0007:VMware ESX patch address security issues
VMSA-2013-0007.1 VMware ESX third party update for Service Console package sudo VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0007.1 VMware Security Advisory Synopsis: VMware ESX third party update for Service Console package sudo VMware Security Advisory Issue date:...
VMware ESX third party updates for Service Console
a. Service Console update for NSSdb The service console package NSSdb is updated to version nssdb-2.2-35.4.el55. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2010-0826 to this issue. Column 4 of the following table lists the action required to remediate...
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
a. Service Console update for DHCP and third party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member...
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposur...
VMSA-2008-0006:Updated libxml2 service console package
VMSA-2008-0006.1 Updated libxml2 service console package VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2008-0006.1 VMware Security AdvisorySynopsis: Updated libxml2 service console package VMware Security AdvisoryIssue date: 2008-03-28 VMware Security AdvisoryUpdated on:...
VMware SD-WAN update addresses a bypass authentication vulnerability (CVE-2023-20899)
3. VMware SD-WAN Bypass Authentication Vulnerability CVE-2023-20899 VMware SD-WAN contains a bypass authentication vulnerability. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 5.3...
VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)
3a. Aria Operations for Networks Command Injection Vulnerability CVE-2023-20887 Aria Operations for Networks contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8. 3b. Aria Operation...
VMSA-2023-0011:VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability.
Advisory ID: VMSA-2023-0011 CVSSv3 Range: 6.1 Issue Date:2023-05-30 Updated On: 2023-05-30 Initial Advisory CVEs: CVE-2023-20884 Synopsis: VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability. CVE-2023-20884 RSS Feed Download PDF Download Text File...
VMware Workspace ONE UEM console patches address SSRF vulnerability (CVE-2021-22054)
3. Advisory Details VMware Workspace ONE UEM console contains a Server Side Request Forgery SSRF vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1...
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
3a. Cross Site Scripting XSS vulnerabilities in vRealize Log Insight due to improper Input validation CVE-2020-3953 vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range...
VMware vSphere, ESX and ESXi updates to third party libraries
a. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2013-0169 and CVE-2013-0166 to these...
VMSA-2023-0003:VMware Workstation update addresses an arbitrary file deletion vulnerability
Advisory ID: VMSA-2023-0003 CVSSv3 Range: 7.8 Issue Date:2023-02-02 Updated On: 2023-02-02 Initial Advisory CVEs: CVE-2023-20854 Synopsis: VMware Workstation update addresses an arbitrary file deletion vulnerability CVE-2023-20854 RSS Feed Download PDF Download Text File Share this page on social...
VMSA-2021-0019:VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability
Advisory ID: VMSA-2021-0019 CVSSv3 Range: 6.5 Issue Date:2021-08-24 Updated On: 2021-08-24 Initial Advisory CVEs: CVE-2021-22021 Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting XSS vulnerability CVE-2021-22021 RSS Feed Download PDF Download Text File Share this page on...
VMSA-2021-0007:VMware vRealize Business for Cloud updates address a remote code execution vulnerability
Advisory ID: VMSA-2021-0007 CVSSv3 Range: 9.8 Issue Date:2021-05-05 Updated On: 2021-05-05 Initial Advisory CVEs: CVE-2021-21984 Synopsis: VMware vRealize Business for Cloud updates address a remote code execution vulnerability CVE-2021-21984 RSS Feed Download PDF Download Text File Share this pa...
VMware View Planner update addresses remote code execution vulnerability (CVE-2021-21978)
3. Advisory Details VMware View Planner contains a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6...
VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999)
3a. Denial-of-Service Vulnerability due to improper input validation CVE-2020-3999 VMware ESXi, Workstation and Fusion contain a denial of service vulnerability due to improper input validation in GuestInfo. VMware has evaluated the severity of this issue to be in the Low severity range with a...
VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998)
3a. VMware Horizon Server Cross Site Scripting XSS vulnerability CVE-2020-3997 VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1. 3b. VMware Horizon Client for...
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)
3a. Use-after-free vulnerability in vmnetdhcp CVE-2020-3947 VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp.VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. 3b. Local Privilege escalation...
VMSA-2020-0004:VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
Advisory ID: VMSA-2020-0004.1 CVSSv3 Range: 7.3-9.3 Issue Date:2020-03-12 Updated On: 2020-03-14 CVEs: CVE-2019-5543, CVE-2020-3947 , CVE-2020-3948 Synopsis: VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities...
VMSA-2014-0009:VMware NSX and vCNS product updates address a CRITICAL information disclosure vulnerability.
VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0009 VMware Security Advisory Synopsis: VMware NSX and vCNS product updates address a critical information disclosur...
VMSA-2012-0010:VMware vMA addresses a security issue
VMSA-2012-0010 VMware vMA addresses a security issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0010 VMware Security Advisory Synopsis: VMware vMA addresses a security issue VMware Security Advisory Issue date: 2012-05-25 VMware Security Advisory Updated on: 2012-05-...
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
3. VMware vCenter Server IWA privilege escalation vulnerability CVE-2021-22048 The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity...
VMware ThinApp update addresses a DLL hijacking vulnerability (CVE-2021-22000)
3. VMware ThinApp update addresses a DLL hijacking vulnerability CVE-2021-22000 VMware ThinApp contains a DLL hijacking vulnerability due to insecure loading of DLLs. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8...
VMSA-2021-0009:VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities
Advisory ID: VMSA-2021-0009 CVSSv3 Range: 3.2 Issue Date:2021-05-20 Updated On: 2021-05-20 Initial Advisory CVEs: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989 Synopsis: VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities CVE-2021-21987,...
VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951)
3a. Privilege escalation vulnerability via setuid binaries CVE-2020-3950 VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. VMware has evaluated the severity of this issue to be in the Important severity rang...
VMSA-2019-0012:VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities
VMware Security Advisories Advisory ID| VMSA-2019-0012 ---|--- Advisory Severity| Important CVSSv3 Range| 6.3-8.5 Synopsis| VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities CVE-2019-5521, CVE-2019-5684 Issue Date| 2019-08-02 Updated On| 2019-08-02 Initi...
VMware ESXi and ESX security update for third party library
a. Update to ESX/ESXi libxml2 userworld and service console. The ESX/ESXi userworld libxml2 library has been updated to resolve a security issue. Also, the ESX service console libxml2 packages are updated to the following versions: The Common Vulnerabilities and Exposures project cve.mitre.org ha...
Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line
a. Host to guest shared folder HGFS traversal vulnerabilityOn Windows hosts, if you have configured a VMware host to guest shared folder HGFS, it is possible for a program running in the guest to gain access to the host's file system and create or modify executable files in sensitive locations...
VMSA-2019-0021:VMware Workstation and Fusion updates address multiple security vulnerabilities
VMware Security Advisories Advisory ID| VMSA-2019-0021 ---|--- Advisory Severity| Important CVSSv3 Range| 5.0-8.7 Synopsis| VMware Workstation and Fusion updates address multiple security vulnerabilities CVE-2019-5540, CVE-2019-5541, CVE-2019-5542 Issue Date| 2019-11-12 Updated On| 2019-11-12...
VMSA-2011-0002:Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0002 VMware Security Advisory Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi VMware Security...
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
a. Loading a corrupt delta disk may cause ESX to crashIf the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be us...
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Advisory ID: | VMSA-2024-0019.3 ---|--- Severity: | Critical CVSSv3 Range: | 7.5-9.8 Synopsis: | VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities CVE-2024-38812, CVE-2024-38813 Issue date: | 2024-09-17 Updated on: | 2024-10-21 CVEs | CVE-2024-38812,...
VMSA-2023-0014:VMware vCenter Server updates address multiple memory corruption vulnerabilities
Advisory ID: VMSA-2023-0014 CVSSv3 Range: 5.9 - 8.1 Issue Date:2023-06-22 Updated On: 2023-06-22 Initial Advisory CVEs: CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896 Synopsis: VMware vCenter Server updates address multiple memory corruption vulnerabilities...