VMSA-2017-0009:VMware Workstation update addresses multiple security issues

VMSA-2017-0009 VMware Workstation update addresses multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0009 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Workstation update addresses multiple security issues...

VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities

a. Unified Access Gateway and Horizon View heap buffer-overflow vulnerability VMware Unified Access Gateway and Horizon View contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. VMware would like to thank Claudio Moletta redr2e fo...

VMSA-2017-0008:VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities

VMSA-2017-0008.2 VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0008.2 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware...

VMSA-2017-0007:VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS

VMSA-2017-0007 VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0007 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware vCenter Server updates resolve...

VMSA-2017-0006:VMware ESXi, Workstation and Fusion updates address CRITICAL and MEDIUM security issues

VMSA-2017-0006 VMware ESXi, Workstation and Fusion updates address critical and moderate security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0006 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation and Fusion...

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

Remote code execution vulnerability via Apache Struts 2 Multiple VMware products contain a remote code execution vulnerability due to the use of Apache Struts 2. Successful exploitation of this issue may result in the complete compromise of an affected product. The Common Vulnerabilities and...

VMSA-2017-0005:VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability

VMSA-2017-0005 VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0005 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation and Fusion updates...

VMSA-2017-0004:VMware product updates resolve remote code execution vulnerability via Apache Struts 2

VMSA-2017-0004.7 VMware product updates resolve remote code execution vulnerability via Apache Struts 2 VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0004.7 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware product updates resolve...

VMSA-2017-0003:VMware Workstation update addresses multiple security issues

VMSA-2017-0003 VMware Workstation update addresses multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0003 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Workstation update addresses multiple security issues...

Horizon DaaS update addresses an insecure data validation issue

a. Horizon DaaS insecure data validation Horizon DaaS contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitati...

AirWatch updates address bypass of root detection and local container encryption

a. Root detection bypass Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. VMware would like to tha...

vSphere Data Protection (VDP) update addresses SSH key-based authentication issue

VDP SSH key-based authentication issue VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges. VMware would like to thank Marc...

VMSA-2016-0023:VMware ESXi updates address a cross-site scripting issue

VMware Security Advisories VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0023 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi updates address a cross-site...

VMSA-2016-0024:vSphere Data Protection (VDP) update addresses SSH key-based authentication issue

VMSA-2016-0024.1 vSphere Data Protection VDP updates address SSH Key-Based authentication issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0024.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates addres...

VMSA-2016-0021:VMware product updates address partial information disclosure vulnerability

VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0021 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware product updates address partial informatio...

VMSA-2016-0022:VMware product updates address information disclosure vulnerabilities

VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0022 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address information disclosure...

VMSA-2016-0020:vRealize Operations update addresses REST API deserialization vulnerability

VMSA-2016-0020 vRealize Operations update addresses REST API deserialization vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0020 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: vRealize Operations update addresses REST API...

VMSA-2016-0019:VMware Workstation and Fusion updates address CRITICAL out-of-bounds memory access vulnerability

VMSA-2016-0019 VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0019 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation and Fusio...

VMware product updates address local privilege escalation vulnerability in Linux kernel

VMware product updates address local privilege escalation vulnerability in Linux kernel...

VMSA-2016-0018:VMware product updates address local privilege escalation vulnerability in Linux kernel

VMSA-2016-0018.3 VMware product updates address local privilege escalation vulnerability in Linux kernel VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0018.3 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address...

VMSA-2016-0017:VMware product updates address multiple information disclosure issues

VMSA-2016-0017 VMware product updates address multiple information disclosure issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0017 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware product updates address multiple information...

vRealize Operations (vROps) updates address privilege escalation vulnerability

vROps privilege escalation issue vROps contains a privilege escalation vulnerability. Exploitation of this issue may allow a vROps user who has been assigned a low-privileged role to gain full access over the application. In addition it may be possible to stop and delete Virtual Machines managed ...

VMSA-2016-0016:vRealize Operations (vROps) updates address privilege escalation vulnerability

VMSA-2016-0016.1 vRealize Operations vROps updates address privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0016.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vRealize Operations vROps updates address...

VMSA-2016-0015:VMware Horizon View updates address directory traversal vulnerability

VMSA-2016-0015 VMware Horizon View updates address directory traversal vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0015 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Horizon View updates address directory traversa...

VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues

a. VMware Workstation heap-based buffer overflow vulnerabilities via Cortado ThinPrint VMware Workstation contains vulnerabilities that may allow a Windows-based Virtual Machine VM to trigger a heap-based buffer overflow. Exploitation of these issues may lead to arbitrary code execution in VMware...

VMSA-2016-0014:VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues

VMSA-2016-0014.1 VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0014.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation, Fusion, an...

VMSA-2016-0013:VMware Identity Manager and vRealize Automation updates address multiple security issues

VMSA-2016-0013 VMware Identity Manager and vRealize Automation updates address multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0013 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Identity Manager and vRealiz...

VMSA-2016-0012:VMware Photon OS OVA default public ssh key

VMSA-2016-0012 VMware Photon OS OVA default public ssh key VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0012 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Photon OS OVA default public ssh key VMware Security Advisory Issue date:...

VMSA-2016-0011:vRealize Log Insight update addresses directory traversal vulnerability

VMSA-2016-0011 vRealize Log Insight update addresses directory traversal vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0011 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: vRealize Log Insight update addresses directory...

VMware product updates address multiple important security issues

a. DLL hijacking issue in Windows-based VMware Tools A DLL hijacking vulnerability is present in the VMware Tools "Shared Folders" HGFS feature running on Microsoft Windows. Exploitation of this issue may lead to arbitrary code execution with the privileges of the victim. In order to exploit this...

VMSA-2016-0010:VMware product updates address multiple HIGH security issues

VMSA-2016-0010.1 VMware product updates address multiple important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0010.1 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address multiple security issue...

VMSA-2016-0009:VMware vCenter Server updates address an HIGH reflected cross-site scripting issue

VMSA-2016-0009 VMware vCenter Server updates address an important reflected cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0009 VMware Security Advisory Synopsis: VMware vCenter Server updates address an important reflected cross-site scripting...

VMware NSX and vCNS product updates address a critical information disclosure vulnerability

a. VMware NSX and vCNS critical information disclosure vulnerability VMware NSX and vCNS with SSL-VPN enabled contain a critical input validation vulnerability. This issue may allow a remote attacker to gain access to sensitive information. The Common Vulnerabilities and Exposures project...

VMSA-2016-0007:VMware NSX and vCNS product updates address a CRITICAL information disclosure vulnerability

VMSA-2016-0007.2 VMware NSX and vCNS product updates address a critical information disclosure vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0007.2 VMware Security Advisory Synopsis: VMware NSX and vCNS product updates address a critical information...

VMSA-2016-0008:VMware vRealize Log Insight addresses HIGH and MEDIUM security issues

VMSA-2016-0008 VMware vRealize Log Insight addresses important and moderate security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0008 VMware Security Advisory Synopsis: VMware vRealize Log Insight addresses important and moderate security issues. VMware Securi...

VMSA-2016-0006:VMware vCenter Server updates address an HIGH cross-site scripting issue

VMSA-2016-0006 VMware vCenter Server updates address an important cross-site scripting issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0006 VMware Security Advisory Synopsis: VMware vCenter Server updates address an important cross-site scripting issue VMware...

VMware product updates address critical and important security issues

a. Critical JMX issue when deserializing authentication credentials...

VMSA-2016-0005:VMware product updates address CRITICAL and HIGH security issues

VMSA-2016-0005.5 VMware product updates address critical and important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0005.5 VMware Security Advisory Synopsis: VMware product updates address critical and important security issues. VMware Security Advisory...

VMSA-2016-0004:VMware product updates address a CRITICAL security issue in the VMware Client Integration Plugin

VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0004 VMware Security Advisory Synopsis: VMware product updates address a critical security issue in the VMware...

VMSA-2016-0003:VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting (XSS) issues.

VMSA-2016-0003 VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting XSS issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0003 VMware Security Advisory Synopsis: VMware vRealize Automation and vRealize Business Advanc...

VMware product updates address a critical glibc security vulnerability.

a. glibc update for multiple products...

VMSA-2016-0002:VMware product updates address a CRITICAL glibc security vulnerability.

VMSA-2016-0002.1 VMware product updates address a critical glibc security vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0002.1 VMware Security Advisory Synopsis: VMware product updates address a critical glibc security vulnerability VMware Security Adviso...

VMSA-2016-0001:VMware ESXi, Fusion, Player, and Workstation updates address HIGH guest privilege escalation vulnerability

VMSA-2016-0001 VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0001 VMware Security Advisory Synopsis: VMware ESXi, Fusion, Player, and Workstation updates...

VMware vCenter Server updates address an important reflected cross-site scripting issue

3.a Commons-collections deserialization vulnerability A deserialization vulnerability involving Apache Commons-collections and a specially constructed chain of classes exists. Successful exploitation could result in remote code execution, with the permissions of the application using the...

VMSA-2015-0009:VMware vCenter Server updates address an HIGH reflected cross-site scripting issue

VMSA-2015-0009.5 VMware product updates address a critical deserialization vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0009.5 VMware Security Advisory Synopsis: VMware product updates address a critical deserialization vulnerability VMware Security...

VMware product updates address information disclosure issue.

a. vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity XXE requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed...

VMSA-2015-0008:VMware product updates address information disclosure issue.

VMSA-2015-0008.2 VMware product updates address information disclosure issue. VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2015-0008.2 VMware Security AdvisorySynopsis: VMware product updates address information disclosure issue. VMware Security AdvisoryIssue date: 2015-11-1...

VMware vCenter and ESXi updates address critical security issues.

a. VMware ESXi OpenSLP Remote Code Execution VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage function. Exploitation of this issue may allow an unauthenticated attacker to remotely execute code on the ESXi host. VMware would like to thank Qinghao Tang of QIHU 360 for...

VMSA-2015-0007:VMware vCenter and ESXi updates address CRITICAL security issues.

VMSA-2015-0007.7 VMware vCenter and ESXi updates address critical security issues. VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2015-0007.7 VMware Security AdvisorySynopsis: VMware vCenter and ESXi updates address critical security issues. VMware Security AdvisoryIssue date:...

VMware vCenter Server updates address a LDAP certificate validation issue

VMware vCenter Server LDAP certificate validation vulnerability. VMware vCenter Server does not validate the certificate when connecting to a single sign on identity source using LDAPS LDAP over SSL. This applies when connecting to Active Directory as an LDAP Server or OpenLDAP. Exploitation of...