The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VMware Workstation

vulnerability announce CVE-2019-5525

VMware Workstation Linux: use after free via ALSA Backend

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via ALSA Backend of VMware Workstation Linux, in order to trigger a denial of service, and possibly to run code.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 06/06/2019.
Identifiers: CERTFR-2019-AVI-253, CVE-2019-5525, VIGILANCE-VUL-29472, VMSA-2019-0009.

Description of the vulnerability

An attacker can force the usage of a freed memory area via ALSA Backend of VMware Workstation Linux, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2019-5526

VMware Workstation: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of VMware Workstation, in order to execute code.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-217, CVE-2019-5526, VIGILANCE-VUL-29307, VMSA-2019-0007.

Description of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of VMware Workstation, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-5514 CVE-2019-5515 CVE-2019-5518

VMware ESXi/Workstation: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 29/03/2019.
Revision date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-136, CVE-2019-5514, CVE-2019-5515, CVE-2019-5518, CVE-2019-5519, CVE-2019-5524, VIGILANCE-VUL-28896, VMSA-2019-0005, ZDI-19-420, ZDI-19-421, ZDI-19-516.

Description of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-5516 CVE-2019-5517 CVE-2019-5520

VMware ESXi/Workstation: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/04/2019.
Revision date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-167, CVE-2019-5516, CVE-2019-5517, CVE-2019-5520, VIGILANCE-VUL-29032, VMSA-2019-0006, ZDI-19-369.

Description of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi/Workstation.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-5511 CVE-2019-5512

VMware Workstation: two vulnerabilities via VMX Process

Synthesis of the vulnerability

An attacker can use several vulnerabilities via VMX Process of VMware Workstation.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/03/2019.
Identifiers: CVE-2019-5511, CVE-2019-5512, VIGILANCE-VUL-28755, VMSA-2019-0002.

Description of the vulnerability

An attacker can use several vulnerabilities via VMX Process of VMware Workstation.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-6983

VMware Workstation: integer overflow via Virtual Network Device

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an integer overflow via Virtual Network Device of VMware Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-569, CVE-2018-6983, VIGILANCE-VUL-27868, VMSA-2018-0030.

Description of the vulnerability

An attacker, inside a guest system, can generate an integer overflow via Virtual Network Device of VMware Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-6981 CVE-2018-6982

VMware ESXi/Workstation: information disclosure via vmxnet3

Synthesis of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via vmxnet3 of VMware ESXi/Workstation, in order to obtain sensitive information on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-542, CVE-2018-6981, CVE-2018-6982, VIGILANCE-VUL-27750, VMSA-2018-0027.

Description of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via vmxnet3 of VMware ESXi/Workstation, in order to obtain sensitive information on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-6974

VMware ESXi, Workstation: privilege escalation via SVGA Device

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via SVGA Device of VMware ESXi, Workstation, in order to escalate his privileges on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/10/2018.
Identifiers: CERTFR-2018-AVI-493, CVE-2018-6974, VIGILANCE-VUL-27545, VMSA-2018-0026.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via SVGA Device of VMware ESXi, Workstation, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-6977

VMware ESXi/Workstation: infinite loop via 3D-rendering Shader

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via 3D-rendering Shader of VMware ESXi/Workstation, in order to trigger a denial of service on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 10/10/2018.
Identifiers: CVE-2018-6977, TALOS-2018-0589, VIGILANCE-VUL-27453.

Description of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via 3D-rendering Shader of VMware ESXi/Workstation, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-6973

VMware Workstation: buffer overflow via e1000

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via e1000 of VMware Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-385, CVE-2018-6973, VIGILANCE-VUL-27007, VMSA-2018-0022, ZDI-18-1060.

Description of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via e1000 of VMware Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about VMware Workstation: