VMware Security Advisories document remediation for security vulnerabilities that are reported in VMware products.

Sign up on the right-hand side of this page to receive new and updated advisories in e-mail.  

November 22, 2016

VMSA-2016-0022

VMware product updates address information disclosure vulnerabilities

November 22, 2016

VMSA-2016-0021

VMware product updates address partial information disclosure vulnerability

November 15, 2016

VMSA-2016-0020

vRealize Operations update addresses REST API deserialization vulnerability

November 13, 2016

VMSA-2016-0019

VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability

November 09, 2016

VMSA-2016-0018.3

VMware product updates address local privilege escalation vulnerability in Linux kernel

October 25, 2016

VMSA-2016-0017

VMware product updates address multiple information disclosure issues

October 11, 2016

VMSA-2016-0016.1

vRealize Operations (vROps) updates address privilege escalation vulnerability

October 06, 2016

VMSA-2016-0015

VMware Horizon View updates address directory traversal vulnerability

September 13, 2016

VMSA-2016-0014

VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues

August 23, 2016

VMSA-2016-0013

VMware Identity Manager and vRealize Automation updates address multiple security issues

August 15, 2016

VMSA-2016-0012

VMware Photon OS OVA default public ssh key

August 12, 2016

VMSA-2016-0011

vRealize Log Insight update addresses directory traversal vulnerability

August 04, 2016

VMSA-2016-0010.1

VMware product updates address multiple important security issues

June 14, 2016

VMSA-2016-0009

VMware vCenter Server updates address an important reflected cross-site scripting issue

June 09, 2016

VMSA-2016-0008

VMware vRealize Log Insight addresses important and moderate security issues

June 08, 2016

VMSA-2016-0007.2

VMware NSX and vCNS product updates address a critical information disclosure vulnerability

May 24, 2016

VMSA-2016-0006

VMware vCenter Server updates address an important cross-site scripting issue

May 17, 2016

VMSA-2016-0005.5

VMware product updates address critical and important security issues

April 14, 2016

VMSA-2016-0004

VMware product updates address a critical security issue in the VMware Client Integration Plugin

March 15, 2016

VMSA-2016-0003

VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting (XSS) issues.

February 22, 2016

VMSA-2016-0002.1

VMware product updates address a critical glibc security vulnerability.

January 07, 2016

VMSA-2016-0001

VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability

December 18, 2015

VMSA-2015-0009.5

VMware vCenter Server updates address an important reflected cross-site scripting issue

November 18, 2015

VMSA-2015-0008.1

VMware product updates address information disclosure issue.

September 30, 2015

VMSA-2015-0007.6

VMware vCenter and ESXi updates address critical security issues.

September 16, 2015

VMSA-2015-0006.1

VMware vCenter Server updates address a LDAP certificate validation issue

July 09, 2015

VMSA-2015-0005

VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability

June 09, 2015

VMSA-2015-0004

VMware Workstation, Fusion and Horizon View Client updates address critical security issues

April 02, 2015

VMSA-2015-0003.14

VMware product updates address critical information disclosure issue in JRE.

January 29, 2015

VMSA-2015-0002

VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

January 27, 2015

VMSA-2015-0001.2

VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues

December 10, 2014

VMSA-2014-0014

AirWatch by VMware product update addresses information disclosure vulnerabilities

December 09, 2014

VMSA-2014-0013

VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability

December 04, 2014

VMSA-2014-0012.1

VMware vSphere product updates address security vulnerabilities

October 22, 2014

VMSA-2014-0011

VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.

September 30, 2014

VMSA-2014-0010.13

VMware product updates address critical Bash security vulnerabilities

September 11, 2014

VMSA-2014-0009

VMware NSX and vCNS product updates address a critical information disclosure vulnerability.

September 09, 2014

VMSA-2014-0008.2

VMware vSphere product updates to third party libraries

June 24, 2014

VMSA-2014-0007.2

VMware product updates address security vulnerabilities in Apache Struts library

June 10, 2014

VMSA-2014-0006.11

VMware product updates address OpenSSL security vulnerabilities

May 29, 2014

VMSA-2014-0005

VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation

April 14, 2014

VMSA-2014-0004.7

VMware product updates address OpenSSL security vulnerabilities

April 10, 2014

VMSA-2014-0003

VMware vSphere Client updates address security vulnerabilities

March 11, 2014

VMSA-2014-0002.4

VMware vSphere updates to third party libraries

January 16, 2014

VMSA-2014-0001

VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues

December 22, 2013

VMSA-2013-0016

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

December 05, 2013

VMSA-2013-0015

VMware ESX updates to third party libraries

December 03, 2013

VMSA-2013-0014

VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation

November 14, 2013

VMSA-2013-0013

VMware Workstation host privilege escalation vulnerability

October 17, 2013

VMSA-2013-0012.1

VMware vSphere updates address multiple vulnerabilities

August 29, 2013

VMSA-2013-0011

VMware ESXi and ESX address an NFC Protocol Unhandled Exception

August 22, 2013

VMSA-2013-0010

VMware Workstation host privilege escalation vulnerability

July 31, 2013

VMSA-2013-0009.3

VMware vSphere, ESX and ESXi updates to third party libraries

June 11, 2013

VMSA-2013-0008

VMware vCenter Chargeback Manager Remote Code Execution

May 30, 2013

VMSA-2013-0007.1

VMware ESX patch address security issues

April 25, 2013

VMSA-2013-0006.1

VMware security updates for vCenter Server

April 04, 2013

VMSA-2013-0005

VMware vFabric Postgres security updates

March 28, 2013

VMSA-2013-0004.3

VMware ESXi and ESX security update for third party library

February 21, 2013

VMSA-2013-0003

VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.

February 07, 2013

VMSA-2013-0002.1

VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability

January 31, 2013

VMSA-2013-0001.5

VMware vSphere security updates for the authentication service and third party libraries

December 20, 2012

VMSA-2012-0018.2

VMware security updates for vCSA, vCenter Server, and ESXi

December 13, 2012

VMSA-2012-0017

VMware View Server directory traversal

November 15, 2012

VMSA-2012-0016

VMware security updates for vSphere API and ESX Service Console

November 08, 2012

VMSA-2012-0015

VMware Hosted Products and OVF Tool address security issues

October 04, 2012

VMSA-2012-0014

VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates

August 30, 2012

VMSA-2012-0013.2

VMware vSphere and vCOps updates to third party libraries

July 12, 2012

VMSA-2012-0012.2

VMware ESXi update to third party library

June 14, 2012

VMSA-2012-0011

VMware hosted products and ESXi and ESX patches address security issues

May 25, 2012

VMSA-2012-0010

VMware vMA addresses a security issue

May 03, 2012

VMSA-2012-0009.2

VMware Workstation, Player, ESXi and ESX patches address critical security issues

April 26, 2012

VMSA-2012-0008.1

VMware ESX updates to ESX Service Console

April 12, 2012

VMSA-2012-0007.1

VMware hosted products and ESXi/ESX patches address privilege escalation

March 29, 2012

VMSA-2012-0006.2

VMware ESXi and ESX address several security issues

March 15, 2012

VMSA-2012-0004

VMware View privilege escalation and cross-site scripting

March 15, 2012

VMSA-2012-0005.4

VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

March 08, 2012

VMSA-2012-0002

VMware vCenter Chargeback Manager Information Leak and Denial of Service

March 08, 2012

VMSA-2012-0003.1

VMware VirtualCenter Update and ESX 3.5 patch update JRE

January 30, 2012

VMSA-2012-0001.2

VMware ESXi and ESX updates to third party library and ESX Service Console

November 17, 2011

VMSA-2011-0014

VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability

October 27, 2011

VMSA-2011-0013.3

VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

October 12, 2011

VMSA-2011-0012.3

VMware ESXi and ESX updates to third party libraries and ESX Service Console

October 04, 2011

VMSA-2011-0011

Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled

July 28, 2011

VMSA-2011-0010.3

VMware ESX third party updates for Service Console packages glibc and dhcp

June 02, 2011

VMSA-2011-0009.3

VMware hosted product updates, ESX patches and VI Client update resolve multiple security issue

May 05, 2011

VMSA-2011-0008

VMware vCenter Server and vSphere Client security vulnerabilities

April 28, 2011

VMSA-2011-0007

VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

March 29, 2011

VMSA-2011-0006.1

VMware vmrun utility local privilege escalation

March 14, 2011

VMSA-2011-0005.3

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

March 07, 2011

VMSA-2011-0004.3

VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

February 07, 2011

VMSA-2011-0002

Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

February 06, 2011

VMSA-2011-0003.2

Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

January 04, 2011

VMSA-2011-0001.3

VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

December 21, 2010

VMSA-2010-0020.1

VMware ESXi 4.1 Update Installer SFCB Authentication Flaw

December 07, 2010

VMSA-2010-0019.3

VMware ESX third party updates for Service Console

December 02, 2010

VMSA-2010-0018

VMware hosted products and ESX patches resolve multiple security issues

November 29, 2010

VMSA-2010-0017.1

VMware ESX third party update for Service Console kernel

November 16, 2010

VMSA-2010-0015.1

VMware ESX third party updates for Service Console

November 15, 2010

VMSA-2010-0016.1

VMware ESXi and ESX third party updates for Service Console and Likewise components

September 23, 2010

VMSA-2010-0014.1

VMware Workstation, Player, and ACE address several security issues.

August 31, 2010

VMSA-2010-0013.3

VMware ESX third party updates for Service Console

July 19, 2010

VMSA-2010-0012.2

VMware vCenter Update Manager fix for Jetty Web server addresses important security vulnerabilities

July 12, 2010

VMSA-2010-0011

VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.

June 24, 2010

VMSA-2010-0010

ESX 3.5 third party update for Service Console kernel

May 27, 2010

VMSA-2010-0009.2

ESXi utilities and ESX Service Console third party updates

May 05, 2010

VMSA-2010-0008

VMware View 3.1.3 addresses an important cross-site scripting vulnerability

April 09, 2010

VMSA-2010-0007.1

VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

April 01, 2010

VMSA-2010-0006.1

ESX Service Console updates for samba and acpid

March 29, 2010

VMSA-2010-0005

VMware products address vulnerabilities in WebAccess

March 03, 2010

VMSA-2010-0004.5

ESX Service Console and vMA third party updates

March 03, 2010

VMSA-2010-0001.1

ESX Service Console and vMA updates for nss and nspr

February 16, 2010

VMSA-2010-0003.1

VMSA-2010-0003.1 ESX Service Console update for net-snmp

January 29, 2010

VMSA-2010-0002.4

VMware vCenter update release addresses multiple security issues in Java JRE

December 15, 2009

VMSA-2009-0017

VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues

November 20, 2009

VMSA-2009-0016.6

VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

October 27, 2009

VMSA-2009-0015

VMware hosted products and ESX patches resolve two security issues

October 16, 2009

VMSA-2009-0014.3

VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

October 01, 2009

VMSA-2009-0013

VMware Fusion resolves two security issues

September 18, 2009

VMSA-2008-0015

Updated ESXi and ESX 3.5 packages address critical security issue in openwsman

September 04, 2009

VMSA-2009-0012

VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.

August 31, 2009

VMSA-2009-0011

VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0

August 20, 2009

VMSA-2009-0010.1

VMware Hosted products update libpng and Apache HTTP Server

July 10, 2009

VMSA-2009-0009

ESX Service Console updates for udev, sudo, and curl

June 30, 2009

VMSA-2009-0008.2

ESX Service Console update for krb5

May 28, 2009

VMSA-2009-0007

VMware Hosted products and ESX and ESXi patches resolve security issues

April 10, 2009

VMSA-2009-0006

VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

April 03, 2009

VMSA-2009-0005

VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

March 31, 2009

VMSA-2009-0004.3

ESX Service Console updates for openssl, bind, and vim

February 23, 2009

VMSA-2009-0002.2

VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

January 30, 2009

VMSA-2009-0001.1

ESX patches address an issue loading corrupt virtual disks and update Service Console packages

January 26, 2009

VMSA-2009-0003

ESX 2.5.5 patch 12 updates service console packag ed

December 08, 2008

VMSA-2008-0012

Updated VirtualCenter addresses User Account Disclosure Vulnerability

December 02, 2008

VMSA-2008-0019.1

VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

November 06, 2008

VMSA-2008-0018

VMware Hosted products and patches for ESX and ESXi resolve two security issues

October 30, 2008

VMSA-2008-0017.2

Updated ESX packages for libxml2, ucd-snmp, libtiff

October 03, 2008

VMSA-2008-0016.3

VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

August 29, 2008

VMSA-2008-0014.3

Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.

August 12, 2008

VMSA-2008-0013.4

Updated ESX packages for OpenSSL, net-snmp, perl

July 28, 2008

VMSA-2008-0011.3

Updated ESX service console packages for Samba and vmnix

June 16, 2008

VMSA-2008-0010.3

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

June 04, 2008

VMSA-2008-0009.2

Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

May 30, 2008

VMSA-2008-0008

Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues

April 15, 2008

VMSA-2008-0007.2

Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

March 28, 2008

VMSA-2008-0006.1

Updated libxml2 service console package

March 17, 2008

VMSA-2008-0005.1

Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line

March 03, 2008

VMSA-2008-0004.1

Updated e2fsprogs service console package

February 04, 2008

VMSA-2008-0003.1

Updated aacraid driver and Samba and Python service console updates

January 07, 2008

VMSA-2008-0001.1

Updated service console patches.

January 07, 2008

VMSA-2008-0002.1

Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.

September 18, 2007

VMSA-2007-0006

Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.

July 05, 2007

VMSA-2007-0005

Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.

Sign up for Security Advisories

Enter your email address::