This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! Yesterday Kubernetes disclosed CVE-2018-1002105 – a critical severity vulnerability in the Kubernetes API server. For more details on the vulnerability please see Kubernetes’ announcement here: https://discuss.kubernetes.io/t/kubernetes-security-announcement-v1-10-11-v1-11-5-v1-12-3-released-to-address-cve-2018-1002105/3700 This vulnerability affects the following VMware products: -VMware Pivotal Container Service (PKS) -VMware vCloud Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — On November 20th 2018 VMware released the following new security advisory: VMSA-2018-0029 – vSphere Data Protection (VDP) updates address multiple security issues. This documents several critical, important and moderate severity issues affecting VDP. VDP is based on Dell EMC Avamar Virtual Edition. Issue (a) is a critical severity remote code execution vulnerability (CVE-2018-11066). A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organisers for inviting us to attend. Stay tuned for further updates. As always please sign up for our VMware Security Advisories here for new and updated information. The post VMware and the Tianfu Cup PWN Contest appeared first on VMware Security & Compliance Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory:   “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The issue exists due to improper authorization in Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — VMware is aware of the security vulnerability that was demonstrated at the GeekPwn2018 event. We have been in contact with the organizers of GeekPwn2018 and they have provided us with the details of the issue. We are actively working on its remediation and we plan on publishing a VMware Security Advisory to provide information on updates for affected products. Please sign up for VMware Security Advisories (here) to be notified when this advisory and future advisories are published. We would like Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: VMSA-2018-0026 – VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability The advisory documents the remediation of a Critical severity out-of-bounds read vulnerability (CVE-2018-6974) in VMware ESXi, Workstation, and Fusion. The issue exists in SVGA device and may allow a guest to execute code on the host. We would like to thank Anonymous working with Trend Micro’s Zero Day Initiative for Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: VMSA-2018-0025 – VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability This documents an important severity denial-of-service vulnerability that affects VMware ESXi, Workstation and Fusion. This issue arises due to an infinite loop in the 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0024 – https://www.vmware.com/security/advisories/VMSA-2018-0024.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory: VMSA-2018-0024 appeared first on VMware Security & Compliance Blog. Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: VMSA-2018-0023 – AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post New VMware Security Advisory VMSA-2018-0023 appeared first on VMware Security & Compliance Blog. Read more […]