CVE-2019-5124
https://notcve.org/view.php?id=CVE-2019-5124
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de lectura fuera de límites explotable en el controlador AMD ATIDXX64.DLL, versión 26.20.13001.50005. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0913 • CWE-125: Out-of-bounds Read •
CVE-2019-5539
https://notcve.org/view.php?id=CVE-2019-5539
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed. VMware Workstation (versiones 15.x anteriores a 15.5.1) y Horizon View Agent (versiones 7.10.x anteriores a 7.10.1 y versiones 7.5.x anteriores a 7.5.4), contienen una vulnerabilidad de secuestro de DLL debido a la carga no segura de una DLL por Cortado Thinprint . Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normales escalar sus privilegios al administrador sobre una máquina con Windows donde está instalado Workstation o View Agent. • https://www.vmware.com/security/advisories/VMSA-2019-0023.html • CWE-427: Uncontrolled Search Path Element •
CVE-2019-5098
https://notcve.org/view.php?id=CVE-2019-5098
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de lectura fuera de límites explotable en el controlador AMD ATIDXX64.DLL, versión 26.20.13001.29010. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890 • CWE-125: Out-of-bounds Read •
CVE-2019-5542
https://notcve.org/view.php?id=CVE-2019-5542
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. VMware Workstation (versiones 15.x anteriores a 15.5.1) y Fusion (versiones 11.x anteriores a 11.5.1), contienen una vulnerabilidad de denegación de servicio en el controlador RPC. Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normales crear una condición de denegación de servicio en su propia VM. • https://www.vmware.com/security/advisories/VMSA-2019-0021.html •
CVE-2019-5540
https://notcve.org/view.php?id=CVE-2019-5540
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process. VMware Workstation (versiones 15.x anteriores a 15.5.1) y Fusion (versiones 11.x anteriores a 11.5.1), contienen una vulnerabilidad de divulgación de información en vmnetdhcp. Una explotación con éxito de este problema puede permitir a un atacante, en una máquina virtual invitada, revelar información confidencial mediante la perdida de memoria del proceso del host. • https://www.vmware.com/security/advisories/VMSA-2019-0021.html • CWE-401: Missing Release of Memory after Effective Lifetime •