VMSA-2015-0006:VMware vCenter Server updates address a LDAP certificate validation issue

VMSA-2015-0006.1 VMware vCenter Server updates address a LDAP certificate validation issue VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2015-0006.1 VMware Security AdvisorySynopsis: VMware vCenter Server updates address a LDAP certificate validation issue VMware Security...

VMSA-2015-0005:VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability

VMSA-2015-0005 VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2015-0005 VMware Security AdvisorySynopsis: VMware Workstation, Player and Horizon View Client...

VMSA-2015-0004:VMware Workstation, Fusion and Horizon View Client updates address CRITICAL security issues

VMSA-2015-0004 VMware Workstation, Fusion and Horizon View Client updates address critical security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0004 VMware Security Advisory Synopsis: VMware Workstation, Fusion and Horizon View Client updates address critical...

VMware product updates address critical information disclosure issue in JRE.

a. Oracle JRE Update Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE. VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Jav...

VMSA-2015-0003:VMware product updates address CRITICAL information disclosure issue in JRE.

VMSA-2015-0003.14 VMware product updates address critical information disclosure issue in JRE VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0003.14 VMware Security Advisory Synopsis: VMware product updates address critical information disclosure issue in JRE VMware...

VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege...

VMSA-2015-0002:VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0002 VMware Security Advisory Synopsis: VMware vSphere Data Protection product update addresses a certificate...

VMSA-2015-0001:VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues

VMSA-2015-0001.2 VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0001.2 VMware Security Advisory Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates...

AirWatch by VMware product update addresses information disclosure vulnerabilities

a. AirWatch by VMware information disclosure vulnerability AirWatch by VMware has direct object reference vulnerabilities. These issues may allow a user that manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant.AirWat...

VMSA-2014-0013:VMware vCloud Automation Center product updates address a CRITICAL remote privilege escalation vulnerability

VMSA-2014-0013 VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0013 VMware Security Advisory Synopsis: VMware vCloud Automation Center product updates address a...

VMware vSphere product updates address security vulnerabilities

a. VMware vCSA cross-site scripting vulnerabilityVMware vCenter Server Appliance vCSA contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMwar...

VMSA-2014-0012:VMware vSphere product updates address security vulnerabilities

VMSA-2014-0012.1 VMware vSphere product updates address security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0012.1 VMware Security Advisory Synopsis: VMware vSphere product updates address security vulnerabilities VMware Security Advisory Issue date:...

VMSA-2014-0011:VMware vSphere Data Protection product update addresses a CRITICAL information disclosure vulnerability.

VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0011 VMware Security Advisory Synopsis: VMware vSphere Data Protection product update addresses a critic...

VMware product updates address critical Bash security vulnerabilities

a. Bash update for multiple products. Bash libraries have been updated in multiple products to resolve multiple critical security issues, also referred to as Shellshock.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifiers CVE-2014-6271, CVE-2014-7169,...

VMSA-2014-0010:VMware product updates address CRITICAL Bash security vulnerabilities

VMSA-2014-0010.13 VMware product updates address critical Bash security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0010.13 VMware Security Advisory Synopsis: VMware product updates address critical Bash security vulnerabilities VMware Security Advisor...

VMware vSphere product updates to third party libraries

a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue.This issue may lead to remote code execution after authentication.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2014-0114 to this issue.Column 4...

VMSA-2014-0009:VMware NSX and vCNS product updates address a CRITICAL information disclosure vulnerability.

VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0009 VMware Security Advisory Synopsis: VMware NSX and vCNS product updates address a critical information disclosur...

VMSA-2014-0008:VMware vSphere product updates to third party libraries

VMSA-2014-0008.2 VMware vSphere product updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0008.2 VMware Security Advisory Synopsis: VMware vSphere product updates to third party libraries VMware Security Advisory Issue date: 2014-09-09 VMwar...

VMware product updates address security vulnerabilities in Apache Struts library

The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.CVE-2014-0112 may lead to remote code execution. This...

VMSA-2014-0007:VMware product updates address security vulnerabilities in Apache Struts library

VMSA-2014-0007.2 VMware product updates address security vulnerabilities in Apache Struts library VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0007.2 VMware Security Advisory Synopsis: VMware product updates address security vulnerabilities in Apache Struts library...

VMware product updates address OpenSSL security vulnerabilities

a. OpenSSL update for multiple products. OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0224, CVE-2014-0198,...

VMSA-2014-0006:VMware product updates address OpenSSL security vulnerabilities

VMSA-2014-0006.11 VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0006.11 VMware Security Advisory Synopsis: VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory Issue date...

VMSA-2014-0005:VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation

VMSA-2014-0005 VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0005 VMware Security Advisory Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege...

VMware product updates address OpenSSL security vulnerabilities

a. Information Disclosure vulnerability in OpenSSL third party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issuesThe Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues...

VMSA-2014-0004:VMware product updates address OpenSSL security vulnerabilities

VMSA-2014-0004.7 VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0004.7 VMware Security Advisory Synopsis: VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory Issue date:...

VMSA-2014-0003:VMware vSphere Client updates address security vulnerabilities

VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0003 VMware Security Advisory Synopsis: VMware vSphere Client updates address security vulnerabilities VMware Security Advisory Issue date:...

VMware vSphere updates to third party libraries

a. DDoS vulnerability in NTP third party libraries The NTP daemon has a DDoS vulnerability in the handling of the "monlist" command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.MitigationMitigation f...

VMSA-2014-0002:VMware vSphere updates to third party libraries

VMSA-2014-0002.4 VMware vSphere updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0002.4 VMware Security Advisory Synopsis: VMware vSphere updates to third party libraries VMware Security Advisory Issue date: 2014-03-11 VMware Security...

VMSA-2014-0001:VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues

VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0001 VMware Security Advisory Synopsis: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director addre...

VMSA-2013-0016:VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0016 VMware Security Advisory Synopsis: VMware ESXi and ESX unauthorized file access through vCenter Server and ESX VMware Security...

VMSA-2013-0015:VMware ESX updates to third party libraries

VMSA-2013-0015 VMware ESX updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0015 VMware Security Advisory Synopsis: VMware ESX updates to third party libraries VMware Security Advisory Issue date: 2013-12-05 VMware Security Advisory Updated...

VMSA-2013-0014:VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation

VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0014 VMware Security Advisory Synopsis: VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalati...

VMSA-2013-0013:VMware Workstation host privilege escalation vulnerability

VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0013 VMware Security Advisory Synopsis: VMware Workstation host privilege escalation vulnerability VMware Security Advisory Issue date: 2013-11-14...

VMware vSphere updates address multiple vulnerabilities

a. VMware ESXi and ESX contain a vulnerability in hostd-vmdb. To exploit this vulnerability, an attacker must intercept and modify the management traffic. Exploitation of the issue may lead to a Denial of Service of the hostd-vmdb service. To reduce the likelihood of exploitation, vSphere...

VMSA-2013-0012:VMware vSphere updates address multiple vulnerabilities

VMSA-2013-0012.1 VMware vSphere updates address multiple vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0012.1 VMware Security Advisory Synopsis: VMware vSphere updates address multiple vulnerabilities VMware Security Advisory Issue date: 2013-10-17 VMwar...

VMSA-2013-0011:VMware ESXi and ESX address an NFC Protocol Unhandled Exception

VMSA-2013-0011 VMware ESXi and ESX address an NFC Protocol Unhandled Exception VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0011 VMware Security Advisory Synopsis: VMware ESXi and ESX address an NFC Protocol Unhandled Exception VMware Security Advisory Issue date:...

VMSA-2013-0010:VMware Workstation host privilege escalation vulnerability

VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0010 VMware Security Advisory Synopsis: VMware Workstation host privilege escalation vulnerability VMware Security Advisory Issue date: 2013-08-22...

VMware vSphere, ESX and ESXi updates to third party libraries

a. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2013-0169 and CVE-2013-0166 to these...

VMSA-2013-0009:VMware vSphere, ESX and ESXi updates to third party libraries

VMSA-2013-0009.3 VMware vSphere, ESX and ESXi updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0009.3 VMware Security Advisory Synopsis: VMware vSphere, ESX and ESXi updates to third party libraries VMware Security Advisory Issue date:...

VMSA-2013-0008:VMware vCenter Chargeback Manager Remote Code Execution

VMSA-2013-0008 VMware vCenter Chargeback Manager Remote Code Execution VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0008 VMware Security Advisory Synopsis: VMware vCenter Chargeback Manager Remote Code Execution VMware Security Advisory Issue date: 2013-06-11 VMware...

VMware ESX patch address security issues

a. Service Console update for sudoThe service console package sudo is updated to version 1.7.2p1-14.el58.3The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issue addressed in this update. Column 4 of the following table lis...

VMSA-2013-0007:VMware ESX patch address security issues

VMSA-2013-0007.1 VMware ESX third party update for Service Console package sudo VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0007.1 VMware Security Advisory Synopsis: VMware ESX third party update for Service Console package sudo VMware Security Advisory Issue date:...

VMware security updates for vCenter Server

a. vCenter Server AD anonymous LDAP binding credential by-passvCenter Server when deployed in an environment that uses Active Directory AD with anonymous LDAP binding enabled doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name an...

VMSA-2013-0006:VMware security updates for vCenter Server

VMSA-2013-0006.1 VMware security updates for vCenter Server VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0006.1 VMware Security Advisory Synopsis: VMware security updates for vCenter Server VMware Security Advisory Issue date: 2013-04-25 VMware Security Advisory Update...

VMSA-2013-0005:VMware vFabric Postgres security updates

VMSA-2013-0005 VMware vFabric Postgres security updates VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0005 VMware Security Advisory Synopsis: VMware vFabric Postgres security updates VMware Security Advisory Issue date: 2013-04-04 VMware Security Advisory Updated on:...

VMware ESXi and ESX security update for third party library

a. Update to ESX/ESXi libxml2 userworld and service console. The ESX/ESXi userworld libxml2 library has been updated to resolve a security issue. Also, the ESX service console libxml2 packages are updated to the following versions: The Common Vulnerabilities and Exposures project cve.mitre.org ha...

VMSA-2013-0004:VMware ESXi and ESX security update for third party library

VMSA-2013-0004.3 VMware ESXi and ESX security update for third party library VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0004.3 VMware Security Advisory Synopsis: VMware ESXi and ESX security update for third party library VMware Security Advisory Issue date: 2013-03-...

VMSA-2013-0003:VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.

VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0003 VMware Security Advisory Synopsis: VMware vCenter Server, ESXi and ESX address an NFC...

VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability

a. VMware VMCI privilege escalation VMware ESX, Workstation, Fusion, and View contain a vulnerability in the handling of control code in vmci.sys. A local malicious user may exploit this vulnerability to manipulate the memory allocation through the Virtual Machine Communication Interface VMCI cod...

VMSA-2013-0002:VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability

VMSA-2013-0002.1 VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0002.1 VMware Security Advisory Synopsis: VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability...