548 matches found
VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon SLPD. Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting th...
VMware Cloud Foundation updates address multiple vulnerabilities.
3a. VMware Cloud Foundation update addresses a remote code execution vulnerability via XStream CVE-2021-39144 VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity rang...
VMSA-2022-0026: VMware vRealize Operations patches address an arbitrary file read vulnerability
Advisory ID: VMSA-2022-0026 CVSSv3 Range: 4.9 Issue Date: 2022-10-11 Updated On: 2022-10-11 Initial Advisory CVEs: CVE-2022-31682 Synopsis: VMware vRealize Operations patches address an arbitrary file read vulnerability CVE-2022-31682...
VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
3a. VMware Workspace ONE Boxer update addresses a stored cross-site scripting XSS vulnerability CVE-2022-22944 VMware Workspace ONE Boxer contains a stored cross-site scripting XSS vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum...
VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
3a. vCenter Server updates address arbitrary file read vulnerability in the vSphere Web Client CVE-2021-21980 The vSphere Web Client FLEX/Flash contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a...
VMSA-2021-0024: VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability
Advisory ID: VMSA-2021-0024 CVSSv3 Range: 5.3 Issue Date: 2021-10-19 Updated On: 2021-10-19 CVEs: CVE-2021-22034 Synopsis: VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability CVE-2021-22034...
vSphere Data Protection (VDP) update addresses SSH key-based authentication issue
VDP SSH key-based authentication issue VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges. VMware would like to thank Marc...
VMSA-2014-0001: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
Advisory ID: VMSA-2014-0001 Synopsis: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director addre...
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
a. Service Console update for DHCP and third party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member...
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposur...
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
3a. Cross Site Scripting XSS vulnerabilities in vRealize Log Insight due to improper Input validation CVE-2020-3953 vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range...
VMSA-2018-0031: vRealize Operations updates address a local privilege escalation vulnerability
Advisory ID: VMSA-2018-0031 Severity: Important Synopsis: vRealize Operations updates address a local...
VMSA-2011-0011: Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled
Advisory ID: VMSA-2011-0011 Synopsis: VMware hosted products address remote code execution vulnerability Issue date...
VMware ESX third party updates for Service Console
a. Service Console update for NSSdb The service console package NSSdb is updated to version nssdb-2.2-35.4.el55. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2010-0826 to this issue. Column 4 of the following table lists the action required to remediate...
VMSA-2008-0006: Updated libxml2 service console package
Advisory ID: VMSA-2008-0006.1 Synopsis: Updated libxml2 service console package Issue date: 2008-03-28 Updated on:...
VMSA-2025-0003: VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities (CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221 and CVE-2025-22222)
Advisory ID: VMSA-2025-0003 Advisory Severity: Important CVSSv3 Range: 5.2-8.5 Synopsis: VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 Issue date:...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999)
3a. Denial-of-Service Vulnerability due to improper input validation CVE-2020-3999 VMware ESXi, Workstation and Fusion contain a denial of service vulnerability due to improper input validation in GuestInfo. VMware has evaluated the severity of this issue to be in the Low severity range with a...
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)
3a. Use-after-free vulnerability in vmnetdhcp CVE-2020-3947 VMware Workstation and Fusion contain a use-after-free vulnerability in vmnetdhcp. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. 3b. Local Privilege escalation...
VMSA-2013-0007: VMware ESX patch address security issues
Advisory ID: VMSA-2013-0007.1 Synopsis: VMware ESX third party update for Service Console package sudo Issue date:...
VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)
3a. Aria Operations for Networks Command Injection Vulnerability CVE-2023-20887 Aria Operations for Networks contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8. 3b. Aria Operation...
VMSA-2023-0011: VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability.
Advisory ID: VMSA-2023-0011 CVSSv3 Range: 6.1 Issue Date: 2023-05-30 Updated On: 2023-05-30 Initial Advisory CVEs: CVE-2023-20884 Synopsis: VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability. CVE-2023-20884...
VMware Workspace ONE Content update addresses a passcode bypass vulnerability (CVE-2023-20857)
3. Passcode bypass vulnerability CVE-2023-20857 VMware Workspace ONE Content contains a passcode bypass vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3...
VMSA-2023-0003: VMware Workstation update addresses an arbitrary file deletion vulnerability
Advisory ID: VMSA-2023-0003 CVSSv3 Range: 7.8 Issue Date: 2023-02-02 Updated On: 2023-02-02 Initial Advisory CVEs: CVE-2023-20854 Synopsis: VMware Workstation update addresses an arbitrary file deletion vulnerability CVE-2023-20854...
VMware Workspace ONE UEM console patches address SSRF vulnerability (CVE-2021-22054)
3. Advisory Details VMware Workspace ONE UEM console contains a Server Side Request Forgery SSRF vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1...
VMSA-2021-0019: VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability
Advisory ID: VMSA-2021-0019 CVSSv3 Range: 6.5 Issue Date: 2021-08-24 Updated On: 2021-08-24 Initial Advisory CVEs: CVE-2021-22021 Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting XSS vulnerability CVE-2021-22021...
VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998)
3. VMware Carbon Black App Control updates address authentication bypass CVE-2021-21998 The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.4...
VMware View Planner update addresses remote code execution vulnerability (CVE-2021-21978)
3. Advisory Details VMware View Planner contains a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6...
VMSA-2020-0004: VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
Advisory ID: VMSA-2020-0004.1 CVSSv3 Range: 7.3-9.3 Issue Date: 2020-03-12 Updated On: 2020-03-14 CVEs: CVE-2019-5543, CVE-2020-3947, CVE-2020-3948 Synopsis: VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities...
VMSA-2014-0009: VMware NSX and vCNS product updates address a CRITICAL information disclosure vulnerability.
Advisory ID: VMSA-2014-0009 Synopsis: VMware NSX and vCNS product updates address a critical information disclosur...
VMware vSphere, ESX and ESXi updates to third party libraries
a. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2013-0169 and CVE-2013-0166 to these...
VMSA-2012-0002: VMware vCenter Chargeback Manager Information Leak and Denial of Service
Advisory ID: VMSA-2012-0002 Synopsis: VMware vCenter Chargeback Manager Information Leak and Denial of Service...
Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line
a. Host to guest shared folder HGFS traversal vulnerability On Windows hosts, if you have configured a VMware host to guest shared folder HGFS, it is possible for a program running in the guest to gain access to the host's file system and create or modify executable files in sensitive locations...
VMware SD-WAN update addresses a bypass authentication vulnerability (CVE-2023-20899)
3. VMware SD-WAN Bypass Authentication Vulnerability CVE-2023-20899 VMware SD-WAN contains a bypass authentication vulnerability. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 5.3...
VMSA-2022-0001: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability
Advisory ID: VMSA-2022-0001.2 CVSSv3 Range: 7.7 Issue Date: 2022-01-04 Updated On: 2022-02-14 CVEs: CVE-2021-22045 Synopsis: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability CVE-2021-22045...
VMSA-2021-0007: VMware vRealize Business for Cloud updates address a remote code execution vulnerability
Advisory ID: VMSA-2021-0007 CVSSv3 Range: 9.8 Issue Date: 2021-05-05 Updated On: 2021-05-05 Initial Advisory CVEs: CVE-2021-21984 Synopsis: VMware vRealize Business for Cloud updates address a remote code execution vulnerability CVE-2021-21984...
VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998)
3a. VMware Horizon Server Cross Site Scripting XSS vulnerability CVE-2020-3997 VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1. 3b. VMware Horizon Client for...
VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951)
3a. Privilege escalation vulnerability via setuid binaries CVE-2020-3950 VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. VMware has evaluated the severity of this issue to be in the Important severity rang...
VMSA-2019-0012: VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities
Advisory ID: VMSA-2019-0012 Advisory Severity: Important CVSSv3 Range: 6.3-8.5 Synopsis: VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities CVE-2019-5521, CVE-2019-5684 Issue Date: 2019-08-02 Updated On: 2019-08-02 Initi...
VMware ESXi and ESX security update for third party library
a. Update to ESX/ESXi libxml2 userworld and service console. The ESX/ESXi userworld libxml2 library has been updated to resolve a security issue. Also, the ESX service console libxml2 packages are updated to the following versions: The Common Vulnerabilities and Exposures project cve.mitre.org ha...
VMSA-2012-0010: VMware vMA addresses a security issue
Advisory ID: VMSA-2012-0010 Synopsis: VMware vMA addresses a security issue Issue date: 2012-05-25 Updated on: 2012-05-...
VMSA-2022-0014: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities
Advisory ID: VMSA-2022-0014.1 CVSSv3 Range: 7.8-9.8 Issue Date: 2022-05-18 Updated On: 2022-05-27 CVEs: CVE-2022-22972, CVE-2022-22973 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities...
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
3. VMware vCenter Server IWA privilege escalation vulnerability CVE-2021-22048 The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity...
VMware Tools update addresses an out-of-bounds read vulnerability
VMware Tools for Windows VMware Tools Shared Folders out-of-bounds read vulnerability VMware Tools for Windows contains an out-of-bounds read vulnerability in the Shared Folders feature. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate...
VMware product updates address information disclosure issue.
a. vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity XXE requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed...
VMSA-2021-0009: VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities
Advisory ID: VMSA-2021-0009 CVSSv3 Range: 3.2 Issue Date: 2021-05-20 Updated On: 2021-05-20 Initial Advisory CVEs: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989 Synopsis: VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities CVE-2021-21987,...
VMSA-2019-0021: VMware Workstation and Fusion updates address multiple security vulnerabilities
Advisory ID: VMSA-2019-0021 Advisory Severity: Important CVSSv3 Range: 5.0-8.7 Synopsis: VMware Workstation and Fusion updates address multiple security vulnerabilities CVE-2019-5540, CVE-2019-5541, CVE-2019-5542 Issue Date: 2019-11-12 Updated On: 2019-11-12...
ESXi patches address partial denial of service vulnerability in hostd process (CVE-2019-5528)
3. Partial denial of service vulnerability in ESXi hostd process CVE-2019-5528 A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive...
VMware ESXi update to third party library
a. ESXi update to third party component libxml2 The libxml2 third party library has been updated which addresses multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834,...
VMware hosted products and ESXi/ESX patches address privilege escalation
a. VMware Tools Incorrect Folder Permissions Privilege Escalation The access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tavis Ormandy for reporting...