Security Advisories are the official notification of security-related vulnerabilities and issues impacting VMware products. Security Advisories outline complete information on how to protect impacted systems. Each advisory contains a detailed description of the security vulnerability, affected systems, threat severity, risk mitigation techniques for fixing the vulnerability and securing the system. Third-party certifications such as Common Criteria and FIPS provide independent validation of the security of VMware products. These are listed along with links to the official certificate or report. Security Hardening Guides provide prescriptive guidance for customers on how to deploy VMware products in a secure manner and also provide script examples and other information to help with security automation.
VMware Security Advisories
May 30, 2013 VMSA-2013-0007
VMSA-2013-0007VMware ESX third party update for Service Console package sudo
May 30, 2013 VMSA-2013-0004.3
VMSA-2013-0004.3VMware ESXi and ESX security update for third party library
February 21, 2013 VMSA-2013-0003
VMSA-2013-0003VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
February 07, 2013 VMSA-2013-0002.1
VMSA-2013-0002.1VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability
February 07, 2013 VMSA-2013-0001.4
VMSA-2013-0001.4VMware vSphere security updates for the authentication service and third party libraries
December 20, 2012 VMSA-2012-0018.2
VMSA-2012-0018.2VMware security updates for vCSA, vCenter Server, and ESXi
November 15, 2012 VMSA-2012-0016
VMSA-2012-0016VMware security updates for vSphere API and ESX Service Console
November 08, 2012 VMSA-2012-0015
VMSA-2012-0015VMware Hosted Products and OVF Tool address security issues
October 04, 2012 VMSA-2012-0014
VMSA-2012-0014VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
August 30, 2012 VMSA-2012-0013.2
VMSA-2012-0013.2VMware vSphere and vCOps updates to third party libraries
June 14, 2012 VMSA-2012-0011
VMSA-2012-0011VMware hosted products and ESXi and ESX patches address security issues
May 03, 2012 VMSA-2012-0009.2
VMSA-2012-0009.2VMware Workstation, Player, ESXi and ESX patches address critical security issues
April 12, 2012 VMSA-2012-0007.1
VMSA-2012-0007.1VMware hosted products and ESXi/ESX patches address privilege escalation
March 29, 2012 VMSA-2012-0006.2
VMSA-2012-0006.2VMware ESXi and ESX address several security issues
March 15, 2012 VMSA-2012-0005.4
VMSA-2012-0005.4VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
March 15, 2012 VMSA-2012-0004
VMSA-2012-0004VMware View privilege escalation and cross-site scripting
March 08, 2012 VMSA-2012-0002
VMSA-2012-0002VMware vCenter Chargeback Manager Information Leak and Denial of Service
March 08, 2012 VMSA-2012-0003.1
VMSA-2012-0003.1VMware VirtualCenter Update and ESX 3.5 patch update JRE
January 30, 2012 VMSA-2012-0001.2
VMSA-2012-0001.2VMware ESXi and ESX updates to third party library and ESX Service Console
November 17, 2011 VMSA-2011-0014
VMSA-2011-0014VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
October 27, 2011 VMSA-2011-0013.3
VMSA-2011-0013.3VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
October 12, 2011 VMSA-2011-0012.3
VMSA-2011-0012.3VMware ESX third party updates for Service Console packages glibc and dhcp
October 04, 2011 VMSA-2011-0011
VMSA-2011-0011VMware hosted products address remote code execution vulnerability
July 28, 2011 VMSA-2011-0010.3
VMSA-2011-0010.3VMware ESX third party updates for Service Console packages glibc and dhcp
June 02, 2011 VMSA-2011-0009.3
VMSA-2011-0009.3VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
May 05, 2011 VMSA-2011-0008
VMSA-2011-0008VMware vCenter Server and vSphere Client security vulnerabilities
April 28, 2011 VMSA-2011-0007
VMSA-2011-0007VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
April 12, 2011 VMSA-2011-0005.3
VMSA-2011-0005.3VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability
March 07, 2011 VMSA-2011-0004.3
VMSA-2011-0004.3VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
February 10, 2011 VMSA-2011-0003.2
VMSA-2011-0003.2Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
February 07, 2011 VMSA-2011-0002
VMSA-2011-0002Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
January 04, 2011 VMSA-2011-0001.3
VMSA-2011-0001.3VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
December 21, 2010 VMSA-2010-0020.1
VMSA-2010-0020.1VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
December 07, 2010 VMSA-2010-0019.3
VMSA-2010-0019.3VMware ESX third party updates for Service Console
December 02, 2010 VMSA-2010-0018
VMSA-2010-0018VMware hosted products and ESX patches resolve multiple security issues
November 29, 2010 VMSA-2010-0017.1
VMSA-2010-0017.1VMware ESX third party update for Service Console kernel
November 16, 2010 VMSA-2010-0016.1
VMSA-2010-0016.1VMware ESXi and ESX third party updates for Service Console and Likewise components
September 30, 2010 VMSA-2010-0015.1
VMSA-2010-0015.1VMware ESX third party updates for Service Console
September 24, 2010 VMSA-2010-0014.1
VMSA-2010-0014.1VMware Workstation, Player, and ACE address several security issues.
August 31, 2010 VMSA-2010-0013.3
VMSA-2010-0013.3VMware ESX third party updates for Service Console
July 12, 2010 VMSA-2010-0011
VMSA-2010-0011VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.
June 19, 2010 VMSA-2010-0012.2
VMSA-2010-0012.2VMware vCenter Update Manager fix for Jetty Web server addresses important security vulnerabilities
May 27, 2010 VMSA-2010-0009.2
VMSA-2010-0009.2ESXi utilities and ESX Service Console third party updates
May 05, 2010 VMSA-2010-0008
VMSA-2010-0008VMware View 3.1.3 addresses an important cross-site scripting vulnerability
April 09, 2010 VMSA-2010-0007.1
VMSA-2010-0007.1VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
February 16, 2010 VMSA-2010-0003.1
VMSA-2010-0003.1VMSA-2010-0003.1 ESX Service Console update for net-snmp
January 29, 2010 VMSA-2010-0002.4
VMSA-2010-0002.4VMware vCenter update release addresses multiple security issues in Java JRE
January 08, 2010 VMSA-2010-0001.1
VMSA-2010-0001.1ESX Service Console and vMA updates for nss and nspr
December 15, 2009 VMSA-2009-0017
VMSA-2009-0017VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues
November 20, 2009 VMSA-2009-0016.6
VMSA-2009-0016.6VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
October 27, 2009 VMSA-2009-0015
VMSA-2009-0015VMware hosted products and ESX patches resolve two security issues
October 16, 2009 VMSA-2009-0014.3
VMSA-2009-0014.3VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
September 04, 2009 VMSA-2009-0012
VMSA-2009-0012VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.
August 31, 2009 VMSA-2009-0011
VMSA-2009-0011VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
August 29, 2009 VMSA-2009-0010.1
VMSA-2009-0010.1VMware Hosted products update libpng and Apache HTTP Server
May 28, 2009 VMSA-2009-0007
VMSA-2009-0007VMware Hosted products and ESX and ESXi patches resolve security issues
April 10, 2009 VMSA-2009-0006
VMSA-2009-0006VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
April 03, 2009 VMSA-2009-0005
VMSA-2009-0005VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
March 31, 2009 VMSA-2009-0004.3
VMSA-2009-0004.3ESX Service Console updates for openssl, bind, and vim
February 26, 2009 VMSA-2009-0003
VMSA-2009-0003ESX 2.5.5 patch 12 updates service console packag ed
February 23, 2009 VMSA-2009-0002.2
VMSA-2009-0002.2VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
January 30, 2009 VMSA-2009-0001.1
VMSA-2009-0001.1ESX patches address an issue loading corrupt virtual disks and update Service Console packages
December 03, 2008 VMSA-2008-0019.1
VMSA-2008-0019.1VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
November 06, 2008 VMSA-2008-0018
VMSA-2008-0018VMware Hosted products and patches for ESX and ESXi resolve two security issues
October 31, 2008 VMSA-2008-0017.2
VMSA-2008-0017.2Updated ESX packages for libxml2, ucd-snmp, libtiff
October 03, 2008 VMSA-2008-0016.3
VMSA-2008-0016.3VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
September 18, 2008 VMSA-0008-0015
VMSA-0008-0015Updated ESXi and ESX 3.5 packages address critical security issue in openwsman
September 02, 2008 VMSA-2008-0014.3
VMSA-2008-0014.3Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.
August 12, 2008 VMSA-2008-0012
VMSA-2008-0012Updated VirtualCenter addresses User Account Disclosure Vulnerability
July 28, 2008 VMSA-2008-0011.3
VMSA-2008-0011.3Updated ESX service console packages for Samba and vmnix
June 16, 2008 VMSA-2008-0010.3
VMSA-2008-0010.3Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
June 04, 2008 VMSA-2008-0009.2
VMSA-2008-0009.2Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
May 30, 2008 VMSA-2008-0008
VMSA-2008-0008Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues
April 16, 2008 VMSA-2008-0007.2
VMSA-2008-0007.2Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
March 17, 2008 VMSA-2008-0005
VMSA-2008-0005Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line
February 04, 2008 VMSA-2008-0003
VMSA-2008-0003Updated aacraid driver and Samba and Python service console updates
January 07, 2008 VMSA-2008-0002
VMSA-2008-0002Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
September 18, 2007 VMSA-2007-0006
VMSA-2007-0006Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.
July 05, 2007 VMSA-2007-0005
VMSA-2007-0005Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
