VMware Security Advisory

Security Advisories

Here you can find a list of major articles covering security advisories.

VMSA-2021-0014 – VMware ESXi Vulnerabilities – VMSA-2021-0014: VMware ESXi updates address authentication and denial of service vulnerabilities in SFCB and OpenSLP services.

VMSA-2021-0004 – vRealize Operations Manager Vulnerabilities – VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983).

VMSA-2020-0023 – VMware ESXi, Workstation, Fusion and NSX-T Vulnerabilities – VMware ESXi, Workstation, Fusion, NSX-T, and vCenter Server Appliance updates address multiple security vulnerabilities. VMware Cloud Foundation is also an impacted product.

VMware ESXi and Horizon DaaS Security Updates – VMSA-2019-0022 – VMware ESXi and Horizon DaaS use an OpenSLP version which has a heap overwrite issue. Successful exploitation of this issue may allow attackers with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance to overwrite the heap of the OpenSLP service, resulting in remote code execution.

VMware ESXi, Workstation, and Fusion Security Updates – VMSA-2019-0019 – This advisory documents the remediation of one issue, rated with a severity of moderate. VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality.

VMSA-2019-0004 and VMSA-2019-0005 – VMware ESXi, Workstation, Fusion and vCloud Director Security Updates – VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability. VMware ESXi, Workstation and Fusion updates address multiple security issues.

VMware Security Advisory – VMSA-2018-0019 – Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.

VMware Security Advisory – VMSA-2018-0014 – VMware Horizon Client contains a local privilege escalation vulnerability due to insecure usage of a SUID binary. Unprivileged users may escalate their privileges to root on a Linux machine where Horizon Client is installed.

VMware Security Advisory – VMSA-2018-0012 – Google and Microsoft researchers independently reported two other variants of the modern processor bugs: a new subclass of speculative execution side-channel vulnerabilities known as Speculative Store Bypass (CVE-2018-3639) and a Meltdown variation, rogue system register read (CVE-2018-3640).

VMware Security Advisory – VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue. What’s new in Horizon DaaS 8.0.0?

VMware Security Advisory – VMSA-2018-0009 – The advisory documents the remediation of two issues: one important (DOM-based cross-site scripting vulnerability which may lead to the compromise of the vRA user’s workstation) and one moderate (missing renewal of session tokens vulnerability which may lead to the hijacking of a valid vRA user’s session).

VMware Security Advisory – VMSA-2018-0008 – VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Successful exploitation of the vulnerability will result in a virtual machine shutdown.

VMware Security Advisory – VMSA-2018-0006 – The VMSA-2018-0006 advisory documents the remediation of two issues: one critical (deserialization vulnerability which may allow code execution in vRealize Automation and vSphere Integrated Containers) and one important (a cross-site request forgery vulnerability when accessing the App Catalog in AirWatch Console).

VMware Security Advisory – VMSA-2018-0005 – VMware released VMSA-2018-0005 which documents two VMware Workstation and Fusion issues: a use-after-free vulnerability and an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled.

VMware Security Advisory VMSA-2018-0004 – VMware Patches for Spectre – How to patch your vCenter / ESXi infrastructure against speculative execution vulnerabilities (Meltdown and Spectre). Products, versions, patches, order of upgrade, dependencies, warnings.

VMware Security Advisory VMSA-2018-0003 – This advisory documents the remediation of three important issues: a privilege escalation vulnerability that affects vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) agents, an out-of-bounds read issue that occurs via Cortado ThinPrint and affects Workstation and Horizon View Client, and a guest access control vulnerability which affects Workstation and Fusion.

VMware Security Advisory VMSA-2018-0002 – Meltdown and Spectre Vulnerabilities – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution – Meltdown (CVE-2017-5754 – rogue data cache load) and Spectre (CVE-2017-5753 – bounds check bypass & CVE-2017-5715 – branch target injection).

VMware Security Advisory VMSA-2018-0001 – vSphere Data Protection (VDP) updates address multiple security issues. This advisory documents the remediation of three important issues: a VDP authentication bypass vulnerability, VDP arbitrary file upload vulnerability, and a VDP path traversal vulnerability.

VMware Security Advisory VMSA-2017-0021 – VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities.

VMware Security Advisory VMSA-2017-0020 – VMware AirWatch Console has a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.

VMware Security Advisories VMSA-2017-0018.1 and VMSA-2017-0019 – VMware has released information on a few vulnerabilities covering Workstation, Player, Fusion, Horizon View Client and NSX.

VMware Security Advisory VMSA-2017-0017 – VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues.