News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
October 23, 2014, 06:24:14
Pages: 1 2 3 [4] 5 6 ... 8   Go Down
  Print  
Topic: VMware svr and client multiple vulns - updates available  (Read 33988 times)
0 Members and 1 Guest are viewing this topic.
« Reply #45 on: September 24, 2010, 03:18:38 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

- http://www.vmware.com/security/advisories/VMSA-2010-0014.html
CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425

VMSA-2010-0014 VMware Workstation, Player, and ACE...
- http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Sep 23, 2010

- http://secunia.com/advisories/41574/
- http://secunia.com/advisories/41605/
- http://secunia.com/advisories/41606/
- http://secunia.com/advisories/41607/

- http://www.securitytracker.com/id?1024481

 Exclamation
« Last Edit: September 25, 2010, 00:45:29 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #46 on: September 30, 2010, 11:13:26 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

- http://www.vmware.com/security/advisories/VMSA-2010-0015.html

VMSA-2010-0015 VMware ESX third party updates for Service Console
- http://lists.vmware.com/pipermail/security-announce/2010/000106.html
Sep 30, 2010
CVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734 CVE-2010-1646 CVE-2009-3555 CVE-2009-2409 CVE-2009-3245 CVE-2010-0433 ...

- http://secunia.com/advisories/41618/
Release Date: 2010-09-30
Criticality level: Moderately critical
Impact: Unknown, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS
Where: From remote...
Original Advisory: VMSA-2010-0015:
http://lists.vmware.com/pipermail/security-announce/2010/000106.html

 Exclamation
« Last Edit: October 01, 2010, 12:42:58 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #47 on: November 16, 2010, 09:19:20 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

- http://www.vmware.com/security/advisories/VMSA-2010-0016.html

VMSA-2010-0016 VMware ESXi and ESX third party updates...
- http://lists.vmware.com/pipermail/security-announce/2010/000108.html
Nov 15 23:52:50 PST 2010
Advisory ID: VMSA-2010-0016
Synopsis: VMware ESXi and ESX third party updates for Service Console and Likewise components
Issue date: 2010-11-15
CVE numbers: CVE-2010-0415 CVE-2010-0307 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1437 CVE-2010-1088 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-4212 CVE-2010-1321 ...

- http://secunia.com/advisories/42280/
Release Date: 2010-11-16
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: VMSA-2010-0016:
http://lists.vmware.com/pipermail/security-announce/2010/000108.html

- http://secunia.com/advisories/42240/

 Exclamation
« Last Edit: November 16, 2010, 14:43:15 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #48 on: November 30, 2010, 05:04:48 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

- http://www.vmware.com/security/advisories/VMSA-2010-0017.html

VMSA-2010-0017 - VMware ESX Server update for kernel
- http://secunia.com/advisories/42384/
Release Date: 2010-11-30
Impact: Privilege escalation
Where: Local system
Solution Status: Partial Fix
... update for the Console OS (COS) kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Original Advisory: VMSA-2010-0017:
http://lists.vmware.com/pipermail/security-announce/2010/000111.html
CVE reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3081
Last revised: 11/19/2010
CVSS v2 Base Score: 7.2 (HIGH)

- http://lists.vmware.com/pipermail/security-announce/2010/subject.html
Starting: Wed Jan 6 23:07:55 PST 2010
Ending: Mon Nov 29 22:34:15 PST 2010
Messages: 37

 Exclamation
« Last Edit: November 30, 2010, 09:42:02 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #49 on: December 03, 2010, 01:33:14 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2010-0018 VMware - ESX patches...
- http://www.vmware.com/security/advisories/VMSA-2010-0018.html
Advisory ID: VMSA-2010-0018
Synopsis: VMware hosted products and ESX patches resolve multiple security issues
Issue date: 2010-12-02
CVE numbers: CVE-2010-4295 CVE-2010-4296 CVE-2010-4297 CVE-2010-4294

- http://www.securitytracker.com/id?1024819
Dec 3 2010
- http://www.securitytracker.com/id?1024820
Dec 3 2010

 Exclamation
« Last Edit: December 03, 2010, 04:51:35 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #50 on: December 07, 2010, 11:10:22 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2010-0019 VMware ESX third party updates for Service Console
- http://www.vmware.com/security/advisories/VMSA-2010-0019.html
Dec 7, 2010 - Advisory ID: VMSA-2010-0019
Synopsis:   VMware ESX third party updates for Service Console
Issue date: 2010-12-07
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0405
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0590
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2409
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3069
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3555

- http://secunia.com/advisories/42467/
- http://secunia.com/advisories/42529/
- http://secunia.com/advisories/42530/
- http://secunia.com/advisories/42531/
Release Date: 2010-12-07

 Exclamation
« Last Edit: December 07, 2010, 14:15:05 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #51 on: December 22, 2010, 02:21:40 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2010-0020 - VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
- http://www.vmware.com/security/advisories/VMSA-2010-0020.html
Issue date: 2010-12-21
CVE number: CVE-2010-4573
ESXi 4.1 - Workaround described in VMware Knowledge Base Article KB 1031761:
http://kb.vmware.com/kb/1031761

- http://kb.vmware.com/kb/1017910

- http://secunia.com/advisories/42591/
Release Date: 2010-12-22
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote  
... The security issue is reported in version 4.1.
Solution: Follow the vendor's workaround.

- http://www.securitytracker.com/id?1024917
Dec 22 2010

 Exclamation
« Last Edit: December 22, 2010, 04:41:18 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #52 on: January 05, 2011, 07:51:04 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0001 - VMware ESX 3rd party updates for Service Console
- http://secunia.com/advisories/42787/
Release Date: 2011-01-05
Impact: Privilege escalation, DoS, System access
Where: From local network
CVE Reference(s): CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856
Original Advisory: VMSA-2011-0001:
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
Synopsis: VMware ESX third party updates for Service Console packages glibc, sudo, and openldap...

- http://isc.sans.edu/diary.html?storyid=10204
Last Updated: 2011-01-05 12:39:50 UTC

 Exclamation
« Last Edit: January 05, 2011, 08:07:11 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #53 on: February 08, 2011, 07:32:47 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0002 Cisco Nexus 1000V VEM updates
- http://www.vmware.com/security/advisories/VMSA-2011-0002.html
Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
Issue date: 2011-02-07
CVE numbers: CVE-2011-0355
Relevant releases: The following VMware products could be affected by a denial of service vulnerability that is present in older versions of the Cisco Nexus 1000V virtual switch:
ESXi 4.1, ESXi 4.0, ESX 4.1, ESX 4.0

- http://www.securitytracker.com/id/1025030
Feb 8 2011

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #54 on: February 11, 2011, 12:01:45 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

Win 7 Patch Tuesday security udpates break VMware software
- http://www.h-online.com/security/news/item/Windows-7-Patch-Tuesday-security-udpates-break-VMware-software-1188165.html
11 February 2011

- http://www.us-cert.gov/current/#vmware_releases_advisory_for_windows
February 11, 2011

VMSA-2011-0003 - 3rd party component updates...
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
2011-02-10
Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Summary: Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
Relevant releases: vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG...

 Exclamation Exclamation
« Last Edit: February 14, 2011, 03:33:37 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #55 on: March 08, 2011, 01:36:23 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0004 VMware...
- http://www.vmware.com/security/advisories/VMSA-2011-0004.html
Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Issue date: 2011-03-07
CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762 CVE-2010-3316 CVE-2010-3435 CVE-2010-3853 CVE-2010-2059 CVE-2010-3609 ...
1. Summary:
Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.
2. Relevant releases:
VMware ESXi 4.1 without patch ESXi410-201101201-SG.
VMware ESXi 4.0 without patch ESXi400-201103401-SG.
VMware ESX 4.1 without patch ESX410-201101201-SG.
VMware ESX 4.0 without patches ESX400-201103401-SG,
ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG...
___

- http://secunia.com/advisories/43675/
Release Date: 2011-03-08
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS
- http://secunia.com/advisories/43601/
Release Date: 2011-03-08

- http://www.securitytracker.com/id/1025168
Mar 8 2011

 Exclamation
« Last Edit: March 08, 2011, 02:11:18 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #56 on: March 15, 2011, 08:59:13 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0005 - VMware vCenter Orchestrator vuln
- http://www.vmware.com/security/advisories/VMSA-2011-0005.html
2011-03-14: 1. Summary:
A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.
2. Relevant releases:
VMware vCenter Orchestrator 4.1
VMware vCenter Orchestrator 4.0
3. Problem Description:
VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component. The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated...
4. Solution: vCenter Orchestrator workaround for Apache Struts
- http://kb.vmware.com/kb/1034175

- http://secunia.com/advisories/43717/
Release Date: 2011-03-16
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From local network
Original Advisory: VMSA-2011-0005:
http://www.vmware.com/security/advisories/VMSA-2011-0005.html
http://kb.vmware.com/kb/1034175

 Exclamation
« Last Edit: March 16, 2011, 06:26:39 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #57 on: March 30, 2011, 09:13:06 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0006 - VMware vmrun utility local privilege escalation
- http://www.vmware.com/security/advisories/VMSA-2011-0006.html
Issue date: 2011-03-29
CVE numbers: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1126
... installed in VMware Workstation by default.
- http://kb.vmware.com/kb/1035509

- http://secunia.com/advisories/43885/
Release Date: 2011-03-30
- http://secunia.com/advisories/43943/
Release Date: 2011-03-30

- http://www.securitytracker.com/id/1025270
Mar 30 2011

 Exclamation
« Last Edit: March 30, 2011, 09:17:22 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #58 on: April 28, 2011, 12:21:47 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0007 - VMware ESXi 4.1 Security and Firmware Updates
- http://www.vmware.com/security/advisories/VMSA-2011-0007.html
2011-04-28
Synopsis: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
Summary: VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities...

- http://isc.sans.edu/diary.html?storyid=10786
Last Updated: 2011-04-28 17:23:27 UTC - "The patch resolves several security issues (CVE-2011-1786, CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021, and CVE-2011-1785) affecting OpenLDAP and KRB5. The full list of issues fixed with patch ESXi410-201104401-SG is available here* and the patch can be downloaded here**."

* http://kb.vmware.com/kb/1035108

** http://www.vmware.com/patch/download/
___

- http://www.securitytracker.com/id/1025452
Apr 28 2011

 Exclamation
« Last Edit: April 28, 2011, 17:50:57 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #59 on: May 06, 2011, 09:25:30 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8346



FYI...

VMSA-2011-0008 - VMware ESXi and ESX - updates
- http://www.vmware.com/security/advisories/VMSA-2011-0008.html
2011-05-05
CVE numbers: CVE-2011-0426, CVE-2011-1788, CVE-2011-1789
Synopsis: VMware vCenter Server and vSphere Client security vulnerabilities
Summary: VMware vCenter Server directory traversal and information disclosure vulnerabilities. vSphere Client Installer is delivered through an unsigned package...
References: VMware KB 1021404
http://kb.vmware.com/kb/1021404

- http://www.securitytracker.com/id/1025502
May 6 2011

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: 1 2 3 [4] 5 6 ... 8   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Page created in 0.941 seconds with 18 queries.