The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VMware Workstation

computer vulnerability announce CVE-2019-5526

VMware Workstation: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of VMware Workstation, in order to execute code.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-217, CVE-2019-5526, VIGILANCE-VUL-29307, VMSA-2019-0007.

computer vulnerability alert CVE-2019-5514 CVE-2019-5515 CVE-2019-5518

VMware ESXi/Workstation: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in VMware ESXi/Workstation.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 29/03/2019.
Revision date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-136, CVE-2019-5514, CVE-2019-5515, CVE-2019-5518, CVE-2019-5519, CVE-2019-5524, VIGILANCE-VUL-28896, VMSA-2019-0005, ZDI-19-420, ZDI-19-421, ZDI-19-516.

vulnerability announce CVE-2019-5516 CVE-2019-5517 CVE-2019-5520

VMware ESXi/Workstation: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in VMware ESXi/Workstation.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/04/2019.
Revision date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-167, CVE-2019-5516, CVE-2019-5517, CVE-2019-5520, VIGILANCE-VUL-29032, VMSA-2019-0006, ZDI-19-369.

computer vulnerability CVE-2019-5511 CVE-2019-5512

VMware Workstation: two vulnerabilities via VMX Process

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities via the VMX process of VMware Workstation.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/03/2019.
Identifiers: CVE-2019-5511, CVE-2019-5512, VIGILANCE-VUL-28755, VMSA-2019-0002.

computer vulnerability bulletin CVE-2018-6983

VMware Workstation: integer overflow via Virtual Network Device

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an integer overflow via Virtual Network Device of VMware Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 23/11/2018.
Identifiers: CERTFR-2018-AVI-569, CVE-2018-6983, VIGILANCE-VUL-27868, VMSA-2018-0030.

vulnerability CVE-2018-6981 CVE-2018-6982

VMware ESXi/Workstation: information disclosure via vmxnet3

Synthesis of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via vmxnet3 of VMware ESXi/Workstation, in order to obtain sensitive information on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-542, CVE-2018-6981, CVE-2018-6982, VIGILANCE-VUL-27750, VMSA-2018-0027.

computer vulnerability CVE-2018-6974

VMware ESXi, Workstation: privilege escalation via SVGA Device

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via SVGA Device of VMware ESXi, Workstation, in order to escalate his privileges on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/10/2018.
Identifiers: CERTFR-2018-AVI-493, CVE-2018-6974, VIGILANCE-VUL-27545, VMSA-2018-0026.

vulnerability bulletin CVE-2018-6977

VMware ESXi/Workstation: infinite loop via 3D-rendering Shader

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via 3D-rendering Shader of VMware ESXi/Workstation, in order to trigger a denial of service on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 10/10/2018.
Identifiers: CVE-2018-6977, TALOS-2018-0589, VIGILANCE-VUL-27453.

computer vulnerability announce CVE-2018-6973

VMware Workstation: buffer overflow via e1000

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via e1000 of VMware Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-385, CVE-2018-6973, VIGILANCE-VUL-27007, VMSA-2018-0022, ZDI-18-1060.

computer vulnerability note CVE-2018-3646

Intel processors: information disclosure via Foreshadow L1TF Virtualization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via L1TF Virtualization on Intel processors, in order to obtain sensitive information.
Impacted products: SNS, Mac OS X, Arkoon FAST360, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, Avamar, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, HP ProLiant, QRadar SIEM, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Oracle Communications, Solaris, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 16/08/2018.
Identifiers: 525211, 528031, ADV180018, CERTFR-2018-AVI-385, CERTFR-2018-AVI-386, CERTFR-2018-AVI-387, CERTFR-2018-AVI-388, CERTFR-2018-AVI-390, CERTFR-2018-AVI-391, CERTFR-2018-AVI-392, CERTFR-2018-AVI-416, CERTFR-2018-AVI-419, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2018-AVI-584, CERTFR-2019-AVI-169, CERTFR-2019-AVI-242, cisco-sa-20180814-cpusidechannel, cpuapr2019, cpujan2019, CTX236548, CVE-2018-3646, DLA-1481-1, DLA-1506-1, DSA-2018-170, DSA-2018-217, DSA-2019-030, DSA-4274-1, DSA-4279-1, DSA-4279-2, FEDORA-2018-1c80fea1cd, FEDORA-2018-f8cba144ae, FG-IR-18-002, Foreshadow, FreeBSD-SA-18:09.l1tf, HPESBHF03874, HT209139, HT209193, ibm10742755, INTEL-SA-00161, JSA10937, K31300402, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2018:2434-1, openSUSE-SU-2018:2436-1, openSUSE-SU-2018:4304-1, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2388-01, RHSA-2018:2389-01, RHSA-2018:2390-01, RHSA-2018:2391-01, RHSA-2018:2392-01, RHSA-2018:2393-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2602-01, RHSA-2018:2603-01, SSA-254686, STORM-2018-005, SUSE-SU-2018:2328-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2394-1, SUSE-SU-2018:2401-1, SUSE-SU-2018:2409-1, SUSE-SU-2018:2410-1, SUSE-SU-2018:2480-1, SUSE-SU-2018:2482-1, SUSE-SU-2018:2483-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2637-1, SUSE-SU-2018:3490-1, SUSE-SU-2018:4300-1, Synology-SA-18:45, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3756-1, USN-3823-1, VIGILANCE-VUL-26999, VMSA-2018-0020, VU#982149, XSA-273, XSA-289.
