ALT-BU-2018-3363-2

Branch sisyphus update bulletin.

Package virtualbox updated to version 5.2.16-alt1.S1 for branch sisyphus in task 209753.

Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю получить доступ к защищенной памяти из программы

Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N

References:

Уязвимость компонента Core гипервизора Oracle VM VirtualBox, позволяющая нарушителю из гостевой операционной системы выполнять определенные команды или копировать данные хостовой операционной системы

Severity: HIGH (8.8)Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

CVE-2018-2698

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить полный контроль над приложением

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3086

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3087

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3088

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3089

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3090

Уязвимость компонента Core программного средства виртуализации VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.5)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3085

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным или вызвать отказ в обслуживании

Severity: HIGH (7.1)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Severity: MEDIUM (5.6)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

References:

CVE-2018-3055

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.6)Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.3)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: LOW (3.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: MEDIUM (6.6)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H).

Severity: LOW (3.3)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (7.1)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.3)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Package kernel-modules-virtualbox-std-def updated to version 5.2.16-alt1.265784.1 for branch sisyphus in task 209753.

Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N

References:

Severity: HIGH (8.8)Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

CVE-2018-2698

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3086

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3087

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3088

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3089

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3090

Severity: HIGH (8.5)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3085

Severity: HIGH (7.1)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Severity: MEDIUM (5.6)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

References:

CVE-2018-3055

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.6)Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

Severity: MEDIUM (4.3)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: LOW (3.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: MEDIUM (6.6)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Severity: LOW (3.3)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (7.1)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.3)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Package kernel-modules-virtualbox-addition-std-def updated to version 5.2.16-alt1.265784.1 for branch sisyphus in task 209753.

Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N

References:

Severity: HIGH (8.8)Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

CVE-2018-2698

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3086

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3087

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3088

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3089

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3090

Severity: HIGH (8.5)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3085

Severity: HIGH (7.1)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Severity: MEDIUM (5.6)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

References:

CVE-2018-3055

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.6)Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

Severity: MEDIUM (4.3)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: LOW (3.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: MEDIUM (6.6)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Severity: LOW (3.3)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (7.1)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.3)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Package ffmpeg updated to version 4.0.2-alt1 for branch sisyphus in task 210597.

Уязвимость функции handle_eac3 фреймворка для работы с мультимедиа форматами FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2018-13302

Уязвимость мультимедийной библиотеки FFmpeg, связанная с переполнением буфера динамической памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2018-1999011

Уязвимость компонента demuxer мультимедийной библиотеки FFmpeg, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2018-1999015

Уязвимость мультимедийной библиотеки FFmpeg, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-1999014

Уязвимость мультимедийной библиотеки FFmpeg, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2018-1999013

Уязвимость демультиплексора мультимедийной библиотеки FFmpeg, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-1999012

Уязвимость компонента libavformat/movenc.c мультимедийной библиотеки FFmpeg, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-14394

Уязвимость компонентов error_resilience.c, h263dec.c, mpeg4videodec.c мультимедийной библиотеки FFmpeg, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-13304

Уязвимость функции avpriv_ac3_parse_header компонента libavcodec/ac3_parser.c мультимедийной библиотеки FFmpeg, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-13303

Уязвимость функции ff_mpeg4_decode_picture_header компонента libavcodec/mpeg4videodec.c мультимедийной библиотеки FFmpeg, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-13301

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.

Severity: MEDIUM (5.8)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (8.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.

Severity: MEDIUM (5.8)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (8.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.

Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Package wireshark updated to version 2.6.2-alt1.S1 for branch sisyphus in task 210599.

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package kernel-modules-virtualbox-addition-un-def updated to version 5.2.16-alt1.266504.1 for branch sisyphus in task 209753.

Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N

References:

Severity: HIGH (8.8)Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

CVE-2018-2698

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3086

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3087

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3088

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3089

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3090

Severity: HIGH (8.5)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3085

Severity: HIGH (7.1)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Severity: MEDIUM (5.6)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

References:

CVE-2018-3055

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.6)Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

Severity: MEDIUM (4.3)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: LOW (3.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: MEDIUM (6.6)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Severity: LOW (3.3)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (7.1)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.3)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Package kernel-modules-virtualbox-un-def updated to version 5.2.16-alt1.266504.1 for branch sisyphus in task 209753.

Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N

References:

Severity: HIGH (8.8)Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

CVE-2018-2698

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3086

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3087

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3088

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3089

Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3090

Severity: HIGH (8.5)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-3085

Severity: HIGH (7.1)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Severity: MEDIUM (5.6)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

References:

CVE-2018-3055

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.6)Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

Severity: MEDIUM (4.3)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.1)Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: LOW (3.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: MEDIUM (6.6)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.2)Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Severity: LOW (3.3)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (7.1)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.6)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).

Severity: LOW (1.9)Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.3)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Version: 2.1.2

ALT-BU-2018-3363-2

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities