CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5535
https://notcve.org/view.php?id=CVE-2019-5535
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7. VMware Workstation y Fusion, contienen una vulnerabilidad de denegación de servicio de red debido al manejo inapropiado de ciertos paquetes IPv6. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Moderada con un puntaje base CVSSv3 máximo de 4.7. • https://www.vmware.com/security/advisories/VMSA-2019-0014.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5525
https://notcve.org/view.php?id=CVE-2019-5525
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed. VMware Workstation (15.x antes del 15.1.0) contiene una vulnerabilidad de use-after-free en el backend Advanced Linux Sound Architecture (ALSA). Un usuario malintencionado con privilegios de usuario normal en la máquina invitada puede aprovechar este problema junto con otros problemas para ejecutar el código en el host de Linux donde está instalada la Estación de trabajo. • http://www.securityfocus.com/bid/108674 https://www.vmware.com/security/advisories/VMSA-2019-0009.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5526 – VMware Workstation 15.1.0 - DLL Hijacking
https://notcve.org/view.php?id=CVE-2019-5526
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed. VMware Workstation (versión 15.x anterior de 15.1.0) contiene un problema de secuestro de DLL porque la aplicación carga inapropiadamente algunos archivos DLL. La explotación con éxito de este problema puede permitir a los atacantes con privilegios de usuario normales escalar sus privilegios al administrador en un host de Windows donde está instalada la Estación de trabajo. VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability. • https://www.exploit-db.com/exploits/46851 http://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.html http://www.securityfocus.com/bid/108333 https://www.vmware.com/security/advisories/VMSA-2019-0007.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 0%CPEs: 120EXPL: 0CVE-2019-5517
https://notcve.org/view.php?id=CVE-2019-5517
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 1%CPEs: 120EXPL: 0CVE-2019-5520 – VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-5520
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. La actualizaciones de VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y 6.5 anteriores a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y 14.x anteriores a 14.1.6), Fusion (versiones 11.x anteriores a 11.0.3 y 10.x anteriores a 10.1.6) abordan una vulnerabilidad de fuera de límites. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html https://www.zerodayinitiative.com/advisories/ZDI-19-369 • CWE-125: Out-of-bounds Read •