VMSA-2018-0026:VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability

VMSA-2018-0026 VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0026 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation, and Fusion...

VMSA-2018-0025:VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability

VMSA-2018-0025 VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2018-0025 VMware Security AdvisorySeverity: Important VMware Security AdvisorySynopsis: VMware ESXi, Workstation, and Fusion...

VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability

The VMware Workspace ONE Unified Endpoint Management Console AirWatch Console contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based...

VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) updates resolve SAML authentication bypass vulnerability

The VMware Workspace ONE Unified Endpoint Management Console AirWatch Console contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based...

AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities

a. The AirWatch Agent for iOS devices contains a data protection vulnerability The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. VMware would like to thank Stephan Sekula of Compass Security for...

Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.

VMware Virtual Appliance Mitigations address L1 Terminal Fault - OS vulnerability. Successful exploitation of this issue may lead to local information disclosure of sensitive information. Unaffected products lines are documented in KB55807. The Common Vulnerabilities and Exposures project...

VMSA-2018-0022:VMware Workstation and Fusion updates address an out-of-bounds write issue

VMSA-2018-0022 VMware Workstation and Fusion updates address an out-of-bounds write issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0022 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation and Fusion updates address an...

VMSA-2018-0020:VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.

VMSA-2018-0020 VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0020 VMware Security Advisory Severity: Important VMware Security Advisory...

VMSA-2018-0021:Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.

VMSA-2018-0021.2 Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0021.2 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: Operatin...

Horizon 6, 7, Horizon Agent, and Horizon Client for Windows updates address an out-of-bounds read vulnerability

Out-of-bounds read vulnerability in the Message Framework library Horizon 6, 7, Horizon Agent, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from ...

Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability

Out-of-bounds read vulnerability in the Message Framework library Horizon 6, 7, Horizon Agent, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from ...

VMSA-2018-0018:VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues

VMSA-2018-0018 VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0018 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Horizon View...

VMware Tools update addresses an out-of-bounds read vulnerability

VMware Tools for Windows VMware Tools Shared Folders out-of-bounds read vulnerability VMware Tools for Windows contains an out-of-bounds read vulnerability in the Shared Folders feature. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate...

VMSA-2018-0017:VMware Tools update addresses an out-of-bounds read vulnerability

VMSA-2018-0017.4 VMware Tools update addresses an out-of-bounds read vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0017.4 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Tools update addresses an out-of-bounds read...

VMSA-2018-0016:VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities

VMSA-2018-0016 VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0016 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi, Workstation, a...

VMware AirWatch Agent updates resolve remote code execution vulnerability.

The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such ...

VMware AirWatch Agent updates resolve remote code execution vulnerability.

The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such ...

VMware Horizon Client update addresses a privilege escalation vulnerability

VMware Horizon Client for Linux Horizon Client VMware Horizon Client privilege escalation vulnerability VMware Horizon Client contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate...

VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System GOS can remediate the Speculative Store bypass issue CVE-2018-3639 using the Speculative-Store-Bypass-Disable SSBD control bit. This...

VMSA-2018-0012:VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

VMSA-2018-0012.1 VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0012.1 VMware Security Advisory Severity: Moderate VMware Security Advisory...

VMSA-2018-0013:VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities

VMSA-2018-0013 VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0013 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware...

Unauthenticated Command Injection vulnerability in VMware SD-WAN by VeloCloud

VMware SD-WAN Edge by VeloCloud SD-WAN Edge Unauthenticated Command Injection vulnerability in VMware SD-WAN Edge by VeloCloud VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled ...

Unauthenticated Command Injection vulnerability in VMware SD-WAN Edge by VeloCloud

Unauthenticated Command Injection vulnerability in VMware SD-WAN Edge by VeloCloud VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware...

Horizon DaaS update addresses a broken authentication issue

VMware Horizon DaaS Broken authentication issue in Horizon DaaS Horizon DaaS contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware woul...

VMSA-2018-0009:vRealize Automation updates address multiple security issues.

VMSA-2018-0009 vRealize Automation updates address multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0009 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: vRealize Automation updates address multiple security issues...

VMSA-2018-0008:Workstation and Fusion updates address a denial-of-service vulnerability

VMSA-2018-0008 Workstation and Fusion updates address a denial-of-service vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0008 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: Workstation and Fusion updates address a...

VMware Virtual Appliance updates address side-channel analysis due to speculative execution

a. VMware Virtual Appliance Mitigations for Bounds-Check bypass Spectre-1, and Rogue data cache load issues Meltdown CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to at worst arbitrary virtual memory read vulnerabilities across...

VMSA-2018-0007:VMware Virtual Appliance updates address side-channel analysis due to speculative execution

VMSA-2018-0007.6 VMware Virtual Appliance updates address side-channel analysis due to speculative execution VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0007.6 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Virtual Appliance...

VMSA-2018-0006:vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities

VMSA-2018-0006 vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0006 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis:...

VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue

New speculative-execution control mechanism for Virtual Machines Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System Guest OS can remediate the Branch Target...

VMSA-2018-0005:VMware Workstation, and Fusion updates resolve use-after-free and integer-overfLOW vulnerabilities

VMSA-2018-0005 VMware Workstation, and Fusion updates resolve use-after - free and integer-overflow vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0005 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation, and...

VMSA-2018-0004:VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue

VMSA-2018-0004.3 VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0005 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis:...

VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

Bounds-Check bypass and Branch Target Injection issues CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to at worst arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Speculative...

VMSA-2018-0003:vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities

VMSA-2018-0003 vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0003 VMware Security Advisory...

VMSA-2018-0002:VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

VMSA-2018-0002.3 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0002.3 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi,...

VMSA-2018-0001:vSphere Data Protection (VDP) updates address multiple security issues.

VMSA-2018-0001 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0001 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...

VMSA-2017-0021:VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities

VMSA-2017-0021 VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0021 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi,...

VMware AirWatch Console updates address Broken Access Control vulnerability.

VMware AirWatch Console AWC Broken Access Control VMware AirWatch Console AWC contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. The Common Vulnerabilities and Exposures...

VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities

a. Heap buffer-overflow vulnerability in VMNAT device VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware would like to thank Jun Mao of Tencent PC Manager working with Trend Micro's Zero Day...

VMSA-2017-0019:NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.

VMSA-2017-0019 NSX for vSphere update addresses NSX Edge Cross-Site Scripting XSS issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0019 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: NSX for vSphere update addresses NSX Edge Cross-Sit...

VMSA-2017-0018:VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities

VMSA-2017-0018.1 VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0018.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation,...

VMware AirWatch Console and Launcher for Android updates resolve multiple vulnerabilities.

a. VMware AirWatch Console stored XSS vulnerability VMware AirWatch Console contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device’s ‘Links’ page. Successful exploitation of this issue could result in an unsuspecting AWC user being...

VMSA-2017-0017:VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues

VMSA-2017-0017 VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0017 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware vCenter Server update resolves LDAP DoS...

VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities

a. Out-of-bounds write vulnerability in SVGA VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware would like to thank Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG...

VMSA-2017-0015:VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities

VMSA-2017-0015.2 VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0015.2 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, vCente...

VMSA-2017-0012:VMware VIX API VM Direct Access Function security issue

VMSA-2017-0012 VMware VIX API VM Direct Access Function security issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0012 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware VIX API VM Direct Access Function security issue VMware...

VMSA-2017-0014:VMware NSX-V Edge updates address OSPF Protocol LSA DoS

VMSA-2017-0014 VMware NSX-V Edge updates address OSPF Protocol LSA DoS VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0014 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware NSX-V Edge updates address OSPF Protocol LSA DoS VMware...

VMSA-2017-0013:VMware vCenter Server and Tools updates resolve multiple security vulnerabilities

VMSA-2017-0013 VMware vCenter Server and Tools updates resolve multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0013 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware vCenter Server and Tools updates...

Horizon View Client update addresses a command injection vulnerability

Horizon View Client command injection vulnerability VMware Horizon View Client contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client i...

VMSA-2017-0010:vSphere Data Protection (VDP) updates address multiple security issues.

VMSA-2017-0010 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0010 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...