548 matches found
VMSA-2020-0010:VMware Cloud Director updates address Code Injection Vulnerability
Advisory ID: VMSA-2020-0010 CVSSv3 Range: 8.8 Issue Date: 2020-05-19 Updated On: 2020-05-19 Initial Advisory CVEs: CVE-2020-3956 Synopsis: VMware Cloud Director updates address Code Injection Vulnerability CVE-2020-3956 1...
VMSA-2020-0009:vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities
Advisory ID: VMSA-2020-0009.1 CVSSv3 Range: 7.5-10.0 Issue Date: 2020-05-08 Updated On: 2020-05-15 Initial Advisory CVEs: CVE-2020-11651, CVE-2020-11652 Synopsis: vRealize Operations Application Remote Collector ARC addresses Authentication Bypass and Directory Traversal vulnerabilities...
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
3a. Cross Site Scripting XSS vulnerabilities in vRealize Log Insight due to improper Input validation CVE-2020-3953 vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range...
VMSA-2020-0008:VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability
Advisory ID: VMSA-2020-0008 CVSSv3 Range: 8.3 Issue Date: 2020-04-28 Updated On: 2020-04-28 Initial Advisory CVEs: CVE-2020-3955 Synopsis: VMware ESXi patches address Stored Cross-Site Scripting XSS vulnerability CVE-2020-3955...
VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) (CVE-2020-3952)
3. VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service vmdir CVE-2020-3952 Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller PSC, does not correctl...
VMSA-2020-0007:VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities
Advisory ID: VMSA-2020-0007.2 CVSSv3 Range: 6.1 - 8.4 Issue Date: 2020-04-14 Updated On: 2020-06-24 CVEs: CVE-2020-3953, CVE-2020-3954 Synopsis: VMware vRealize Log Insight addresses Cross Site Scripting XSS and Open Redirect vulnerabilities CVE-2020-3953, CVE-2020-3954...
VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951)
3a. Privilege escalation vulnerability via setuid binaries CVE-2020-3950 VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. VMware has evaluated the severity of this issue to be in the Important severity rang...
VMSA-2020-0006:VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir)
Advisory ID: VMSA-2020-0006.1 CVSSv3 Range: 10.0 Issue Date: 2020-04-09 Updated On: 2020-04-16 Initial Advisory CVEs: CVE-2020-3952 Synopsis: VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service vmdir CVE-2020-3952...
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)
3a. Use-after-free vulnerability in vmnetdhcp CVE-2020-3947 VMware Workstation and Fusion contain a use-after-free vulnerability in vmnetdhcp. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. 3b. Local Privilege escalation...
VMSA-2020-0005:VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities
Advisory ID: VMSA-2020-0005.2 CVSSv3 Range: 3.2-7.3 Issue Date: 2020-03-17 Updated On: 2020-03-24 CVEs: CVE-2020-3950, CVE-2020-3951 Synopsis: VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities...
VMSA-2020-0004:VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
Advisory ID: VMSA-2020-0004.1 CVSSv3 Range: 7.3-9.3 Issue Date: 2020-03-12 Updated On: 2020-03-14 CVEs: CVE-2019-5543, CVE-2020-3947, CVE-2020-3948 Synopsis: VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities...
VMSA-2020-0003:vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0003 CVSSv3 Range: 5.3-9.0 Issue Date: 2020-02-18 Updated On: 2020-02-18 Initial Advisory CVEs: CVE-2020-3943, CVE-2020-3944, CVE-2020-3945 Synopsis: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities CVE-2020-3943, CVE-2020-3944,...
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability (CVE-2020-3940)
3. VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability CVE-2020-3940 VMware Workspace ONE SDK and dependent mobile applications do not properly handle certificate verification failures if SSL Pinning has been enabled in the...
VMSA-2020-0002:VMware Tools workaround addresses a local privilege escalation vulnerability
Advisory ID: VMSA-2020-0002 CVSSv3 Range: 7.8 Issue Date: 2020-01-14 Updated On: 2020-01-14 Initial Advisory CVEs: CVE-2020-3941 Synopsis: VMware Tools workaround addresses a local privilege escalation vulnerability CVE-2020-3941...
VMSA-2019-0023:VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue
VMware Security Advisories Advisory ID: VMSA-2019-0023 Advisory Severity: Moderate CVSSv3 Range: 6.3 Synopsis: VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue CVE-2019-5539 Issue Date: 2019-12-20 Updated On: 2019-12-20 Initial Advisory CVEs: CVE-2019-5539 1...
VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability (CVE-2019-5544)
1. Impacted Products VMware ESXi VMware Horizon DaaS 2. Introduction A vulnerability in OpenSLP was privately reported to VMware. Patches and workarounds are available to address this vulnerability in affected VMware products. 3. VMware ESXi and Horizon DaaS updates address OpenSLP remote code...
VMSA-2019-0022:VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability
VMware Security Advisories Advisory ID: VMSA-2019-0022.1 Advisory Severity: Critical CVSSv3 Range: 9.8 Synopsis: VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability CVE-2019-5544 Issue Date: 2019-12-05 Updated On: 2020-05-08 CVEs: CVE-2019-5544 1...
VMSA-2019-0020:VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities
VMware Security Advisories Advisory ID: VMSA-2019-0020 Advisory Severity: Moderate CVSSv3 Range: 6.5 Synopsis: VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities CVE-2018-12207, CVE-2019-1113...
VMSA-2019-0021:VMware Workstation and Fusion updates address multiple security vulnerabilities
VMware Security Advisories Advisory ID: VMSA-2019-0021 Advisory Severity: Important CVSSv3 Range: 5.0-8.7 Synopsis: VMware Workstation and Fusion updates address multiple security vulnerabilities CVE-2019-5540, CVE-2019-5541, CVE-2019-5542 Issue Date: 2019-11-12 Updated On: 2019-11-12...
VMSA-2019-0019:VMware ESXi, Workstation and Fusion updates address a denial-of-service vulnerability
VMware Security Advisories Advisory ID: VMSA-2019-0019 Advisory Severity: Moderate CVSSv3 Range: 6.3 Synopsis: VMware ESXi, Workstation and Fusion updates address a denial-of-service vulnerability CVE-2019-5536 Issue Date: 2019-10-24 Updated On: 2019-10-24 Initial Advisory CVEs:...
VMSA-2019-0018:VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions
VMware Security Advisories Advisory ID: VMSA-2019-0018 Advisory Severity: Moderate CVSSv3 Range: 6.8 Synopsis: VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions CVE-2019-5537, CVE-2019-5538 Issue Date: 2019-10-24...
VMware SD-WAN by VeloCloud update addresses information disclosure vulnerability (CVE-2019-5533)
3. Velocloud information disclosure vulnerability CVE-2019-5533 The VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. VMware has evaluated the severity of this issue to be in the moderate severity...
VMSA-2019-0016:VMware Cloud Foundation and VMware Harbor Container Registry for PCF address broken access control vulnerability
VMware Security Advisories Advisory ID: VMSA-2019-0016 Advisory Severity: Critical CVSSv3 Range: 9.1 Synopsis: VMware Cloud Foundation and VMware Harbor Container Registry for PCF address broken access control vulnerability CVE-2019-16919 Issue Date: 2019-10-15 Updated On: 2019-12-11 CVEs...
VMSA-2019-0015:VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability
VMware Security Advisories Advisory ID: VMSA-2019-0015 Advisory Severity: Critical CVSSv3 Range: 9.8 Synopsis: VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability CVE-2019-16097 Issue Date: 2019-09-24 Updated On:...
VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)
3a. ESXi, Workstation, Fusion, VMRC and Horizon Client use-after-free vulnerability - CVE-2019-5527 ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severit...
VMSA-2019-0014:VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities.
VMware Security Advisories Advisory ID: VMSA-2019-0014.1 Advisory Severity: Important CVSSv3 Range: 4.7-8.5 Synopsis: VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. CVE-2019-5527, CVE-2019-5535 Issue Date:...
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
3a. VMware ESXi 'busybox' command injection vulnerability - CVE-2017-16544 ESXi contains a command injection vulnerability due to the use of a vulnerable version of busybox that does not sanitize filenames, which may result in executing any escape sequence in the shell. VMware has evaluated the...
VMSA-2019-0013:VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities.
VMware Security Advisories Advisory ID: VMSA-2019-0013.1 Advisory Severity: Important CVSSv3 Range: 4.2-7.7 Synopsis: VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534...
VMSA-2019-0012:VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities
VMware Security Advisories Advisory ID: VMSA-2019-0012 Advisory Severity: Important CVSSv3 Range: 6.3-8.5 Synopsis: VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities CVE-2019-5521, CVE-2019-5684 Issue Date: 2019-08-02 Updated On: 2019-08-02 Initi...
ESXi patches address partial denial of service vulnerability in hostd process (CVE-2019-5528)
3. Partial denial of service vulnerability in ESXi hostd process CVE-2019-5528 A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive...
VMSA-2019-0011:ESXi patches address partial denial of service vulnerability in hostd process
VMware Security Advisories Advisory ID: VMSA-2019-0011.1 Advisory Severity: Moderate CVSSv3 Range: 5.3 Synopsis: ESXi patches address partial denial of service vulnerability in hostd process CVE-2019-5528 Issue Date: 2019-07-09 Updated On: 2019-09-03 CVEs: CVE-2019-5528 1. Impacted...
VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
3. Linux kernel vulnerabilities in TCP Selective Acknowledgement SACK CVE-2019-11477, CVE-2019-11478 CVE-2019-11477 - SACK Panic - A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. VMware has evaluated the severity of this issue to be in...
VMSA-2019-0010:VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK)
VMware Security Advisories Advisory ID: VMSA-2019-0010.3 Advisory Severity: Important CVSSv3 Range: 5.3 - 7.5 Synopsis: VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement SACK CVE-2019-11477, CVE-2019-11478 Issue Date: 2019-07-02 Updated On:...
VMSA-2019-0009:VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities.
VMware Security Advisories Advisory ID: VMSA-2019-0009 Advisory Severity: Important CVSSv3 Range: 7.1-8.5 Synopsis: VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. CVE-2019-5522, CVE-2019-5525 Issue Date: 2019-06-06 Updated On: 2019-06-0...
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. VMware has evaluated the...
VMSA-2019-0007:VMware Workstation update addresses a DLL-hijacking issue
VMware Security Advisories Advisory ID: VMSA-2019-0007 Advisory Severity: Moderate CVSSv3 Range: 6.0 Synopsis: VMware Workstation update addresses a DLL-hijacking issue CVE-2019-5526 Issue Date: 2019-05-14 Updated On: 2019-05-14 Initial Advisory CVEs: CVE-2019-5526 1. Impacted Products...
VMSA-2019-0008:VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities
VMware Security Advisories Advisory ID: VMSA-2019-0008.2 Advisory Severity: Moderate CVSSv3 Range: 3.8 - 6.5 Synopsis: VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Dat...
VMSA-2019-0006:VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities
VMSA-2019-0006 VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0006 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi, Workstation an...
VMware ESXi, Workstation and Fusion updates address multiple security issues.
a. VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use TOCTOU vulnerability in the virtual USB 1.1 UHCI Universal Host Controller Interfac...
VMSA-2019-0004:VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability
VMSA-2019-0004 VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0004 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware vCloud Director for...
VMSA-2019-0005:VMware ESXi, Workstation and Fusion updates address multiple security issues.
VMSA-2019-0005.1 VMware ESXi, Workstation and Fusion updates address multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0005 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation and Fusion updates...
VMware Horizon update addresses Connection Server information disclosure vulnerability.
Connection Server Information disclosure vulnerability The VMware Horizon Connection Server contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP...
VMSA-2019-0002:VMware Workstation update addresses elevation of privilege issues.
VMSA-2019-0003 VMware Horizon update addresses Connection Server information disclosure vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0003 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware Horizon update addresses...
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. Successful exploitation of this issue may allow a malicious container to overwrite the contents of a host's runc binary and execute arbitrary code. Exploitation of this vulnerability requires the...
VMSA-2019-0001:VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.
VMSA-2019-0001.3 VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0001.3 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product update...
VMSA-2018-0031:vRealize Operations updates address a local privilege escalation vulnerability
VMSA-2018-0031 vRealize Operations updates address a local privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0031 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: vRealize Operations updates address a local...
VMSA-2018-0030:VMware Workstation and Fusion updates address an integer overflow issue.
VMSA-2018-0030 VMware Workstation and Fusion updates address an integer overflow issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0030 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation and Fusion updates address an...
VMSA-2018-0029:vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0029 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0029 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...
VMSA-2018-0028:VMware vRealize Log Insight updates address an authorization bypass vulnerability
VMSA-2018-0028 VMware vRealize Log Insight updates address an authorization bypass vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0028 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware vRealize Log Insight updates address...
VMSA-2018-0027:VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0027 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation, and Fusion...