An advisory from VMware lists a total of 20 different vulnerabilities affecting all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE and VMware Player.
The company warned that attackers can exploit these bugs to launch code execution or denial-of-service attacks. In certain scenarios, a successful exploit would allow an attacker to escape from a guest system in a VM or shut down processes on the host.
[SEE: VMware buys Determina ]
Secunia rates the patch batch as "moderately critical" but issued a separate alert for the VMware ESX Server issue which carries a "highly critical" rating:
This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, perform certain actions with escalated privileges, or to cause a DoS (Denial of Service), by malicious users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Download locations for product patches are available in the VMware advisory.