ASA-2019-00563 – VMware Workstation and VMware Fusion: Denial-of-service vulnerability due to improper handling of certain IPv6 packets

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. An attacker may exploit this issue by sending a specially crafted IPv6 packet from a guest machine on the VMware NAT to disallow network access for all guest machines using VMware NAT mode. This issue can be exploited only if IPv6 mode for VMNAT is enabled.

ASA-2019-00562 – VMware ESXi, Workstation, Fusion, Remote Console and Horizon Client: Use-after-free vulnerability in the virtual sound device

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. A local attacker with non-administrative access on the guest machine may exploit this issue to execute code on the host.

ASA-2019-00559 – VMware ESXi and VMware vCenter: Information disclosure vulnerability

An information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.