Все бюллетени/c10f2/ALT-PU-2024-18009-1
ALT-PU-2024-18009-1

Обновление пакета kernel-modules-virtualbox-un-def в ветке c10f2

Версия7.0.18-alt2.393557.0.c10f.2.1
Задание#348664
Опубликовано2024-06-19
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (26)

BDU:2024-03172
HIGH7.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2024-04-22Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-03229
HIGH7.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии или выполнить произвольный код

Опубликовано: 2024-04-24Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-03425
HIGH8.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код и повысить свои привилегии

Опубликовано: 2024-05-02Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-03472
HIGH7.3

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-05-06Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 7.3
CVSS:3.x/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-03479
HIGH8.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-05-06Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-03501
HIGH7.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-05-06Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-03538
HIGH8.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-05-07Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-05402
MEDIUM6.7

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2024-07-19Изменено: 2024-11-14
CVSS 3.xСРЕДНЯЯ 6.7
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-05407
MEDIUM5.9

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2024-07-19Изменено: 2024-11-14
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0СРЕДНЯЯ 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N
Ссылки
BDU:2024-05430
MEDIUM6.5

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2024-07-19Изменено: 2024-11-14
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
Ссылки
BDU:2024-05431
LOW3.3

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю раскрыть защищаемую информацию

Опубликовано: 2024-07-19Изменено: 2024-11-14
CVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.0НИЗКАЯ 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:N/A:N
Ссылки
BDU:2024-05433
HIGH8.8

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2024-07-19Изменено: 2024-11-14
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
BDU:2024-05437
MEDIUM6.5

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю раскрыть защищаемую информацию

Опубликовано: 2024-07-19Изменено: 2024-11-18
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
Ссылки
CVE-2024-21103
HIGH7.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-03-13
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ссылки
CVE-2024-21106
MEDIUM6.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Опубликовано: 2024-04-16Изменено: 2024-12-05
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Ссылки
CVE-2024-21107
MEDIUM6.7

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-05-08
CVSS 3.xСРЕДНЯЯ 6.7
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ссылки
CVE-2024-21108
LOW3.3

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Опубликовано: 2024-04-16Изменено: 2024-12-05
CVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ссылки
CVE-2024-21109
MEDIUM5.9

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Опубликовано: 2024-04-16Изменено: 2024-12-05
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Ссылки
CVE-2024-21110
HIGH7.3

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-05-08
CVSS 3.xВЫСОКАЯ 7.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Ссылки
CVE-2024-21111
HIGH7.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-05-09
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ссылки
CVE-2024-21112
HIGH8.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-03-28
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Ссылки
CVE-2024-21113
HIGH8.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-03-18
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Ссылки
CVE-2024-21114
HIGH8.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-05-08
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Ссылки
CVE-2024-21115
HIGH8.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-03-25
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Ссылки
CVE-2024-21116
HIGH7.8

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Опубликовано: 2024-04-16Изменено: 2025-06-09
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ссылки
CVE-2024-21121
MEDIUM6.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Опубликовано: 2024-04-16Изменено: 2025-03-27
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Ссылки