All the vulnerabilites related to VMware - VMware Workstation
cve-2019-5539
Vulnerability from cvelistv5
Published
2019-12-23 19:20
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0023.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware Workstation | |
| VMware | Horizon View Agent |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x prior to 15.5.1"
}
]
},
{
"product": "Horizon View Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.10.x prior to 7.10.1"
},
{
"status": "affected",
"version": "7.5.x prior 7.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL hijacking vulnerability via Cortado Thinprint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-23T19:20:50",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "15.x prior to 15.5.1"
}
]
}
},
{
"product_name": "Horizon View Agent",
"version": {
"version_data": [
{
"version_value": "7.10.x prior to 7.10.1"
},
{
"version_value": "7.5.x prior 7.5.4"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL hijacking vulnerability via Cortado Thinprint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5539",
"datePublished": "2019-12-23T19:20:50",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3958
Vulnerability from cvelistv5
Published
2020-05-29 19:42
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0011.html | x_refsource_CONFIRM | |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0957 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware ESXi | |
| VMware | VMware Workstation | |
| VMware | VMware Fusion |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "VMware Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "VMware Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine\u0027s vmx process leading to a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T14:06:05",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "VMware Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine\u0027s vmx process leading to a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0957",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3958",
"datePublished": "2020-05-29T19:42:41",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3959
Vulnerability from cvelistv5
Published
2020-05-29 19:49
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0011.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware ESXi | |
| VMware | VMware Workstation | |
| VMware | VMware Fusion |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "VMware Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.1.0"
}
]
},
{
"product": "VMware Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine\u0027s vmx process leading to a partial denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T19:49:35",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.1.0"
}
]
}
},
{
"product_name": "VMware Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.1.0"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine\u0027s vmx process leading to a partial denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3959",
"datePublished": "2020-05-29T19:49:35",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5525
Vulnerability from cvelistv5
Published
2019-06-06 19:00
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0009.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/108674 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware Workstation |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0009.html"
},
{
"name": "108674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x before 15.1.0)"
}
]
}
],
"datePublic": "2019-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-07T09:06:03",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0009.html"
},
{
"name": "108674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x before 15.1.0)"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0009.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0009.html"
},
{
"name": "108674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5525",
"datePublished": "2019-06-06T19:00:44",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5521
Vulnerability from cvelistv5
Published
2019-09-20 18:00
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757 | x_refsource_MISC | |
| https://www.vmware.com/security/advisories/VMSA-2019-0012.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware ESXi | |
| VMware | VMware Workstation | |
| VMware | VMware Fusion |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201904101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201903001"
}
]
},
{
"product": "VMware Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.0.3"
},
{
"status": "affected",
"version": "14.x before 14.1.6"
}
]
},
{
"product": "VMware Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.0.3"
},
{
"status": "affected",
"version": "10.x before 10.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T18:01:04",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201904101-SG"
},
{
"version_value": "6.5 before ESXi650-201903001"
}
]
}
},
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.0.3"
},
{
"version_value": "14.x before 14.1.6"
}
]
}
},
{
"product_name": "VMware Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.0.3"
},
{
"version_value": "10.x before 10.1.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0012.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5521",
"datePublished": "2019-09-20T18:00:52",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2015-000007
Vulnerability from jvndb
Published
2015-01-29 13:52
Modified
2015-02-16 15:34
Summary
Arbitrary files may be overwritten in multiple VMware products
Details
Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000007.html",
"dc:date": "2015-02-16T15:34+09:00",
"dcterms:issued": "2015-01-29T13:52+09:00",
"dcterms:modified": "2015-02-16T15:34+09:00",
"description": "Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000007.html",
"sec:cpe": [
{
"#text": "cpe:/a:vmware:fusion",
"@product": "VMware Fusion",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:player",
"@product": "VMware Player",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:workstation",
"@product": "VMware Workstation",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000007",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88252465/index.html",
"@id": "JVN#88252465",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370",
"@id": "CVE-2014-8370",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8370",
"@id": "CVE-2014-8370",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Arbitrary files may be overwritten in multiple VMware products"
}