VMware has published a security advisory for multiple vulnerabilities that impact VMware ESXi, Workstation, and Fusion.
Security Advisory VMSA-2019-0020
As part of security advisory VMSA-2019-0020, two (2) moderate severity vulnerabilities have been patched in VMware ESXi, Workstation and Fusion.
The first patch fixes a Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability (CVE-2018-12207).
Also, the second patch addresses hypervisor-specific mitigations for TSX Asynchronous Abort (TAA) Denial-of-Service vulnerability (CVE-2018-11135). Each of these have a CVSSv3 base score of 6.5.
Security Advisory VMSA-2019-0021
As part of security advisory VMSA-2019-0021, three (3) moderate severity vulnerabilities have been patched in VMware Workstation, Workstation Pro, Fusion Pro and Fusion products.
The highest rated issue an out-of-bounds write vulnerability in the VMware’s Workstation and Fusion virtual network adapter (CVE-2018-12207). The CVSSv3 base score is rated 8.7.
For the second, Workstation and Fusion products each contain an information disclosure vulnerability in (CVE-2019-5540). The CVSSv3 base score is rated 7.7.
Finally, VMware patched a denial-of-service vulnerability in the RPC handler (CVE-2019-5542). The CVSSv3 base score is rated 5.0.