Virtual machines that use AMD’s hardware-based encryption scheme are vulnerable to attacks that can extract the full contents of their main memory – in plaintext.

Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.

VMware fixed two critical vulnerabilities in its vSphere Data Protection solution this week that could have allowed an attacker to execute commands on the appliance, among other outcomes.

VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability.

VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios.

VMware patched two cross-site scripting vulnerabilities in its products this week that if exploited, could lead to the compromise of a user’s client workstation. The bugs, stored XSS vulnerabilities and rated important, exist in the company’s vRealize Automation and vRealize Business Advanced and Enterprise platforms. Linux users running 6.x of vRealize Automation, a cloud automation...