ALT-PU-2021-1693-1
Package kernel-modules-virtualbox-addition-std-def updated to version 6.1.20-alt1.330269.1 for branch sisyphus in task 270442.
Closed vulnerabilities
BDU:2021-02309
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02310
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-02311
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02312
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02313
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02314
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02315
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2021-02316
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02317
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02318
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02319
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02320
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02321
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2021-02341
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2021-02397
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02398
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02399
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2021-02400
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2021-02401
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных
BDU:2021-02402
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2021-02410
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2021-02411
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02412
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02428
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02429
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-02430
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных
BDU:2021-02431
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных
BDU:2021-02432
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных
BDU:2021-02437
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02438
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02439
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02440
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02441
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02450
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2021-02979
Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить полный контроль над приложением
Modified: 2024-11-21
CVE-2021-2145
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2021-2250
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2021-2264
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).
- [oss-security] 20210426 virtualbox: CVE-2021-2264: vboxautostart-service.sh allows injection of parameters in 'su' invocation
- [oss-security] 20210426 virtualbox: CVE-2021-2264: vboxautostart-service.sh allows injection of parameters in 'su' invocation
- [oss-security] 20210426 virtualbox: CVE-2021-25319: missing sticky bit in openSUSE packaging for /etc/box allows local root exploit for members of vboxusers group
- [oss-security] 20210426 virtualbox: CVE-2021-25319: missing sticky bit in openSUSE packaging for /etc/box allows local root exploit for members of vboxusers group
- GLSA-202208-36
- GLSA-202208-36
- https://www.oracle.com/security-alerts/cpuapr2021.html
- https://www.oracle.com/security-alerts/cpuapr2021.html
Modified: 2024-11-21
CVE-2021-2266
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2279
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2021-2280
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2281
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
Modified: 2024-11-21
CVE-2021-2282
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2283
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2284
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
Modified: 2024-11-21
CVE-2021-2285
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2286
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
Modified: 2024-11-21
CVE-2021-2287
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2291
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2296
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2297
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2306
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2309
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2021-2310
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2021-2312
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2321
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).