ASA-2019-00238 – Confluence: Path traversal in the downloadallattachments resource

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs, or to create a new space or personal space, or who has 'Admin' permissions for a space, can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.

ASA-2019-00237 – VMware: Vertex shader out-of-bounds read vulnerability

VMware ESXi, Workstation and Fusion updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

ASA-2019-00236 – VMware: Out-of-bounds read vulnerability

VMware ESXi, Workstation and Fusion updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

ASA-2019-00235 – VMware: Multiple shader translator out-of-bounds read vulnerabilities

VMware ESXi, Workstation and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled.  Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.  The workaround for these issues involves disabling the 3D-acceleration feature.  This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.