CVE-2019-3901 – kernel: perf_event_open() and execve() race in setuid programs allows a data leak
https://notcve.org/view.php?id=CVE-2019-3901
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. ... A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. • http://www.securityfocus.com/bid/89937 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901 https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html https://security.netapp.com/advisory/ntap-20190517-0005 https://access.redhat.com/security/cve/CVE-2019-3901 https://bugzilla.redhat.com/show_bug.cgi?id=1701245 • CWE-667: Improper Locking •
CVE-2019-5517
https://notcve.org/view.php?id=CVE-2019-5517
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. ... Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. ... La actualizaciones de VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y 6.5 anteriores a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y 14.x anteriores a 14.1.6), Fusion (versiones 11.x anteriores a 11.0.3 y 10.x anteriores a 10.1.6) contienen múltiples vulnerabilidades de fuera de límites en el traductor shader. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html • CWE-125: Out-of-bounds Read •
CVE-2019-5520 – VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-5520
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. ... La actualizaciones de VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y 6.5 anteriores a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y 14.x anteriores a 14.1.6), Fusion (versiones 11.x anteriores a 11.0.3 y 10.x anteriores a 10.1.6) abordan una vulnerabilidad de fuera de límites. ... This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html https://www.zerodayinitiative.com/advisories/ZDI-19-369 • CWE-125: Out-of-bounds Read •
CVE-2019-5516
https://notcve.org/view.php?id=CVE-2019-5516
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. ... Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. ... La actualizaciones de VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y 6.5 anteriores a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y 14.x anteriores a 14.1.6), Fusion (versiones 11.x anteriores a 11.0.3 y 10.x anteriores a 10.1.6) abordan una vulnerabilidad de fuera de límites con la funcionalidad vertex shader. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762 https://www.vmware.com/security/advisories/VMSA-2019-0006.html • CWE-125: Out-of-bounds Read •
CVE-2019-5513
https://notcve.org/view.php?id=CVE-2019-5513
VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. ... VMware Horizon Connection Server (7.x anterior a la versión 7.8, 7.5.x anterior de 7.5.2, 6.x anterior de 6.2.8) contiene una vulnerabilidad de divulgación de información. • https://www.vmware.com/security/advisories/VMSA-2019-0003.html •