How severe is CVE-2019-5519?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2019-5519?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2019-5519 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

Related Vulnerabilities

CVE-2023-0778

MEDIUM

CVSS:6.8(Medium)

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access...

CWE-3672023

CVE-2024-39826

MEDIUM

CVSS:6.8(Medium)

Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.

CWE-3672024

CVE-2020-0003

MEDIUM

CVSS:6.7(Medium)

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional ex...

CWE-3672020

CVE-2020-8354

MEDIUM

CVSS:6.7(Medium)

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

CWE-3672020

CVE-2021-0897

MEDIUM

CVSS:6.7(Medium)

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...

CWE-3672021

CVE-2021-1567

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device...

CWE-3672021