MEDIUM5.0
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
ALT-PU-2016-1929-1Package update kernel-modules-virtualbox-std-def in branch c7
Severity:
Closed issues (24)
LOW2.1
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM4.9
Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM4.7
Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:CReferences
MEDIUM6.6
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю нарушить безопасность информации
CVSS 2.0MEDIUM 6.6
CVSS:2.0/AV:L/AC:M/Au:S/C:C/I:C/A:CReferences
MEDIUM5.0
Уязвимость реализации ASN1_TFLG_COMBINE библиотеки OpenSSL, позволяющая нарушителю получить защищаемую информацию из памяти процесса
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
LOW3.2
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
CVSS 2.0LOW 3.2
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:P/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
LOW3.2
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
CVSS 2.0LOW 3.2
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:P/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
LOW3.2
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
CVSS 2.0LOW 3.2
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:P/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
LOW3.2
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.
CVSS 2.0LOW 3.2
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:P/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
LOW3.2
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.
CVSS 2.0LOW 3.2
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:P/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.securityfocus.com/bid/72216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100181
- https://security.gentoo.org/glsa/201612-27
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.securityfocus.com/bid/72216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100181
- https://security.gentoo.org/glsa/201612-27
MEDIUM6.6
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
CVSS 2.0MEDIUM 6.6
CVSS:2.0/AV:L/AC:M/Au:S/C:C/I:C/A:CReferences
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
- http://www.debian.org/security/2015/dsa-3359
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/75899
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
- http://www.debian.org/security/2015/dsa-3359
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/75899
MEDIUM5.3
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LReferences
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
- http://marc.info/?l=bugtraq&m=145382583417444&w=2
- http://openssl.org/news/secadv/20151203.txt
- http://rhn.redhat.com/errata/RHSA-2015-2616.html
- http://rhn.redhat.com/errata/RHSA-2015-2617.html
- http://rhn.redhat.com/errata/RHSA-2016-2056.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
- http://www.debian.org/security/2015/dsa-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/78626
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034294
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
- http://www.ubuntu.com/usn/USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://support.apple.com/HT206167
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
- http://marc.info/?l=bugtraq&m=145382583417444&w=2
- http://openssl.org/news/secadv/20151203.txt
- http://rhn.redhat.com/errata/RHSA-2015-2616.html
- http://rhn.redhat.com/errata/RHSA-2015-2617.html
- http://rhn.redhat.com/errata/RHSA-2016-2056.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
- http://www.debian.org/security/2015/dsa-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/78626
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034294
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
- http://www.ubuntu.com/usn/USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://support.apple.com/HT206167
MEDIUM4.3
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
- http://marc.info/?l=bugtraq&m=145382583417444&w=2
- http://openssl.org/news/secadv/20151203.txt
- http://rhn.redhat.com/errata/RHSA-2015-2617.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
- http://www.debian.org/security/2015/dsa-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/78622
- http://www.securitytracker.com/id/1034294
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
- http://www.ubuntu.com/usn/USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
- http://marc.info/?l=bugtraq&m=145382583417444&w=2
- http://openssl.org/news/secadv/20151203.txt
- http://rhn.redhat.com/errata/RHSA-2015-2617.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
- http://www.debian.org/security/2015/dsa-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/78622
- http://www.securitytracker.com/id/1034294
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
- http://www.ubuntu.com/usn/USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
LOW2.1
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html
- http://www.debian.org/security/2015/dsa-3384
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/77185
- http://www.securitytracker.com/id/1033880
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html
- http://www.debian.org/security/2015/dsa-3384
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/77185
- http://www.securitytracker.com/id/1033880
MEDIUM5.0
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html
- http://www.debian.org/security/2015/dsa-3384
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/77198
- http://www.securitytracker.com/id/1033880
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html
- http://www.debian.org/security/2015/dsa-3384
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/77198
- http://www.securitytracker.com/id/1033880
MEDIUM4.9
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CReferences
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2015-2636.html
- http://rhn.redhat.com/errata/RHSA-2015-2645.html
- http://rhn.redhat.com/errata/RHSA-2016-0046.html
- http://support.citrix.com/article/CTX202583
- http://www.debian.org/security/2015/dsa-3396
- http://www.debian.org/security/2015/dsa-3414
- http://www.debian.org/security/2016/dsa-3454
- http://www.openwall.com/lists/oss-security/2015/11/10/6
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/77528
- http://www.securitytracker.com/id/1034105
- http://www.ubuntu.com/usn/USN-2800-1
- http://www.ubuntu.com/usn/USN-2801-1
- http://www.ubuntu.com/usn/USN-2802-1
- http://www.ubuntu.com/usn/USN-2803-1
- http://www.ubuntu.com/usn/USN-2804-1
- http://www.ubuntu.com/usn/USN-2805-1
- http://www.ubuntu.com/usn/USN-2806-1
- http://www.ubuntu.com/usn/USN-2807-1
- http://xenbits.xen.org/xsa/advisory-156.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1277172
- https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed
- https://kb.juniper.net/JSA10783
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2015-2636.html
- http://rhn.redhat.com/errata/RHSA-2015-2645.html
- http://rhn.redhat.com/errata/RHSA-2016-0046.html
- http://support.citrix.com/article/CTX202583
- http://www.debian.org/security/2015/dsa-3396
- http://www.debian.org/security/2015/dsa-3414
- http://www.debian.org/security/2016/dsa-3454
- http://www.openwall.com/lists/oss-security/2015/11/10/6
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/77528
- http://www.securitytracker.com/id/1034105
- http://www.ubuntu.com/usn/USN-2800-1
- http://www.ubuntu.com/usn/USN-2801-1
- http://www.ubuntu.com/usn/USN-2802-1
- http://www.ubuntu.com/usn/USN-2803-1
- http://www.ubuntu.com/usn/USN-2804-1
- http://www.ubuntu.com/usn/USN-2805-1
- http://www.ubuntu.com/usn/USN-2806-1
- http://www.ubuntu.com/usn/USN-2807-1
- http://xenbits.xen.org/xsa/advisory-156.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1277172
- https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed
- https://kb.juniper.net/JSA10783
CRITICAL10.0
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CVSS 2.0MEDIUM 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:CCVSS 3.xCRITICAL 10.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HReferences
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2015-2636.html
- http://rhn.redhat.com/errata/RHSA-2015-2645.html
- http://rhn.redhat.com/errata/RHSA-2016-0046.html
- http://support.citrix.com/article/CTX202583
- http://support.citrix.com/article/CTX203879
- http://www.debian.org/security/2015/dsa-3414
- http://www.debian.org/security/2015/dsa-3426
- http://www.debian.org/security/2016/dsa-3454
- http://www.openwall.com/lists/oss-security/2015/11/10/5
- http://www.openwall.com/lists/oss-security/2023/10/10/4
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/77524
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034105
- http://www.ubuntu.com/usn/USN-2840-1
- http://www.ubuntu.com/usn/USN-2841-1
- http://www.ubuntu.com/usn/USN-2841-2
- http://www.ubuntu.com/usn/USN-2842-1
- http://www.ubuntu.com/usn/USN-2842-2
- http://www.ubuntu.com/usn/USN-2843-1
- http://www.ubuntu.com/usn/USN-2843-2
- http://www.ubuntu.com/usn/USN-2844-1
- http://xenbits.xen.org/xsa/advisory-156.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1278496
- https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
- https://kb.juniper.net/JSA10783
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2015-2636.html
- http://rhn.redhat.com/errata/RHSA-2015-2645.html
- http://rhn.redhat.com/errata/RHSA-2016-0046.html
- http://support.citrix.com/article/CTX202583
- http://support.citrix.com/article/CTX203879
- http://www.debian.org/security/2015/dsa-3414
- http://www.debian.org/security/2015/dsa-3426
- http://www.debian.org/security/2016/dsa-3454
- http://www.openwall.com/lists/oss-security/2015/11/10/5
- http://www.openwall.com/lists/oss-security/2023/10/10/4
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/77524
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034105
- http://www.ubuntu.com/usn/USN-2840-1
- http://www.ubuntu.com/usn/USN-2841-1
- http://www.ubuntu.com/usn/USN-2841-2
- http://www.ubuntu.com/usn/USN-2842-1
- http://www.ubuntu.com/usn/USN-2842-2
- http://www.ubuntu.com/usn/USN-2843-1
- http://www.ubuntu.com/usn/USN-2843-2
- http://www.ubuntu.com/usn/USN-2844-1
- http://xenbits.xen.org/xsa/advisory-156.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1278496
- https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
- https://kb.juniper.net/JSA10783
MEDIUM4.3
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
- http://www.debian.org/security/2016/dsa-3454
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/bid/81214
- http://www.securitytracker.com/id/1034731
- http://www.debian.org/security/2016/dsa-3454
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/bid/81214
- http://www.securitytracker.com/id/1034731
LOW2.1
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
- http://www.debian.org/security/2016/dsa-3454
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/bid/81224
- http://www.securitytracker.com/id/1034731
- http://www.debian.org/security/2016/dsa-3454
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/bid/81224
- http://www.securitytracker.com/id/1034731
MEDIUM6.2
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
CVSS 2.0MEDIUM 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:CReferences
- http://seclists.org/fulldisclosure/2016/Feb/54
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/archive/1/537462/100/0/threaded
- http://www.securitytracker.com/id/1034731
- http://seclists.org/fulldisclosure/2016/Feb/54
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/archive/1/537462/100/0/threaded
- http://www.securitytracker.com/id/1034731
MEDIUM5.5
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91864
- http://www.securitytracker.com/id/1036384
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91864
- http://www.securitytracker.com/id/1036384
MEDIUM5.9
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:NCVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91860
- http://www.securitytracker.com/id/1036384
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91860
- http://www.securitytracker.com/id/1036384