ID CVE-2018-3297 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
{"id": "CVE-2018-3297", "bulletinFamily": "NVD", "title": "CVE-2018-3297", "description": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "published": "2018-10-17T01:31:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3297", "reporter": "cve@mitre.org", "references": ["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securitytracker.com/id/1041887", "http://www.securityfocus.com/bid/105619", "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"], "cvelist": ["CVE-2018-3297"], "type": "cve", "lastseen": "2021-02-02T06:52:37", "edition": 8, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "zdi", "idList": ["ZDI-18-1278", "ZDI-18-1266"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852640", "OPENVAS:1361412562310814266", "OPENVAS:1361412562310814264", "OPENVAS:1361412562310814265"]}, {"type": "kaspersky", "idList": ["KLA11339"]}, {"type": "nessus", "idList": ["OPENSUSE-2019-863.NASL", "OPENSUSE-2018-1330.NASL", "VIRTUALBOX_5_2_20.NASL", "OPENSUSE-2019-1814.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1814-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}], "modified": "2021-02-02T06:52:37", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-02-02T06:52:37", "rev": 2}, "vulnersScore": 4.7}, "cpe": [], "affectedSoftware": [{"cpeName": "oracle:vm_virtualbox", "name": "oracle vm virtualbox", "operator": "lt", "version": "5.2.20"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 6.0}, "cpe23": [], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:5.2.20:*:*:*:*:*:*:*", "versionEndExcluding": "5.2.20", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "openSUSE-SU-2019:1814", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "1041887", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041887"}, {"name": "105619", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105619"}], "immutableFields": []}
{"zdi": [{"lastseen": "2020-06-22T11:40:39", "bulletinFamily": "info", "cvelist": ["CVE-2018-3297"], "description": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the crServerDispatchGenRenderbuffersEXT method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-10-17T00:00:00", "id": "ZDI-18-1278", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1278/", "title": "Oracle VirtualBox crServerDispatchGenRenderbuffersEXT Integer Overflow Privilege Escalation Vulnerability", "type": "zdi", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:40:16", "bulletinFamily": "info", "cvelist": ["CVE-2018-3297"], "description": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the crServerDispatchGenRenderbuffersEXT method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-10-17T00:00:00", "id": "ZDI-18-1266", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1266/", "title": "Oracle VirtualBox crServerDispatchGenRenderbuffersEXT Integer Overflow Privilege Escalation Vulnerability", "type": "zdi", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:41:29", "bulletinFamily": "info", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "description": "### *Detect date*:\n10/16/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Oracle VM Virtual Box. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service.\n\n### *Affected products*:\nOracle VM Virtual Box versions earlier than 5.2.20\n\n### *Solution*:\nUpdate to the latest version \n[Download Oracle Virtual Box](<https://www.virtualbox.org/wiki/Downloads>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 October 2018](<https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixOVIR>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2018-3294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3294>)9.0Critical \n[CVE-2018-3288](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3288>)8.6Critical \n[CVE-2018-3289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3289>)8.6Critical \n[CVE-2018-3290](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3290>)8.6Critical \n[CVE-2018-3296](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3296>)8.6Critical \n[CVE-2018-3297](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3297>)8.6Critical \n[CVE-2018-2909](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2909>)8.6Critical \n[CVE-2018-3298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3298>)8.6Critical \n[CVE-2018-3291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3291>)8.6Critical \n[CVE-2018-3292](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3292>)8.6Critical \n[CVE-2018-3293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3293>)8.6Critical \n[CVE-2018-3295](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3295>)8.6Critical \n[CVE-2018-3287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3287>)8.6Critical \n[CVE-2018-0732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732>)7.5Critical", "edition": 21, "modified": "2020-05-22T00:00:00", "published": "2018-10-16T00:00:00", "id": "KLA11339", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11339", "title": "\r KLA11339Multiple vulnerabilities in Oracle Virtual Box ", "type": "kaspersky", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-17T14:18:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310814266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814266", "type": "openvas", "title": "Oracle VirtualBox Security Updates (oct2018-4428296) 03 - MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle VirtualBox Security Updates (oct2018-4428296)-MAC OS X\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814266\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-3287\", \"CVE-2018-0732\", \"CVE-2018-2909\", \"CVE-2018-3290\",\n \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\",\n \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\",\n \"CVE-2018-3289\", \"CVE-2018-3288\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 12:26:38 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Oracle VirtualBox Security Updates (oct2018-4428296) 03 - MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors within 'Core' component of Oracle VM VirtualBox.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attackers to gain elevated privileges on the host system and complete\n takeover of the Oracle VM VirtualBox.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions Prior to 5.2.20 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox 5.2.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixOVIR\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_oracle_virtualbox_detect_macosx.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^5\\.2\")\n{\n if(version_is_less(version:virtualVer, test_version:\"5.2.20\"))\n {\n report = report_fixed_ver(installed_version:virtualVer, fixed_version: \"5.2.20\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:18:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310814264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814264", "type": "openvas", "title": "Oracle VirtualBox Security Updates (oct2018-4428296)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle VirtualBox Security Updates (oct2018-4428296)-Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814264\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-3287\", \"CVE-2018-0732\", \"CVE-2018-2909\", \"CVE-2018-3290\",\n \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\",\n \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\",\n \"CVE-2018-3289\", \"CVE-2018-3288\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 12:26:17 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Oracle VirtualBox Security Updates (oct2018-4428296)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors within 'Core' component of Oracle VM VirtualBox.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attackers to gain elevated privileges on the host system and complete\n takeover of the Oracle VM VirtualBox.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 5.2.20 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox 5.2.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixOVIR\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_win.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^5\\.2\")\n{\n if(version_is_less(version:virtualVer, test_version:\"5.2.20\"))\n {\n report = report_fixed_ver(installed_version:virtualVer, fixed_version: \"5.2.20\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:18:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310814265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814265", "type": "openvas", "title": "Oracle VirtualBox Security Updates (oct2018-4428296) 02 - Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle VirtualBox Security Updates (oct2018-4428296)-Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814265\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-3287\", \"CVE-2018-0732\", \"CVE-2018-2909\", \"CVE-2018-3290\",\n \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\",\n \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\",\n \"CVE-2018-3289\", \"CVE-2018-3288\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 12:26:23 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Oracle VirtualBox Security Updates (oct2018-4428296) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors within 'Core' component of Oracle VM VirtualBox.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attackers to gain elevated privileges on the host system and complete\n takeover of the Oracle VM VirtualBox.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions Prior to 5.2.20 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox 5.2.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixOVIR\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/VirtualBox/Lin/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^5\\.2\")\n{\n if(version_is_less(version:virtualVer, test_version:\"5.2.20\"))\n {\n report = report_fixed_ver(installed_version:virtualVer, fixed_version: \"5.2.20\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2509", "CVE-2019-2679", "CVE-2019-2451", "CVE-2019-2678", "CVE-2019-2867", "CVE-2018-3297", "CVE-2019-2525", "CVE-2019-2703", "CVE-2019-2574", "CVE-2018-3294", "CVE-2018-0734", "CVE-2018-3293", "CVE-2018-3292", "CVE-2019-2448", "CVE-2019-2850", "CVE-2019-2511", "CVE-2019-2722", "CVE-2018-3291", "CVE-2018-3298", "CVE-2019-2877", "CVE-2019-2554", "CVE-2019-2848", "CVE-2019-1543", "CVE-2019-2527", "CVE-2018-3290", "CVE-2019-2865", "CVE-2019-2656", "CVE-2019-2866", "CVE-2019-2723", "CVE-2018-3296", "CVE-2018-3288", "CVE-2019-2555", "CVE-2019-2696", "CVE-2019-2875", "CVE-2018-11763", "CVE-2019-2859", "CVE-2019-2721", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2657", "CVE-2018-3295", "CVE-2019-2873", "CVE-2019-2690", "CVE-2018-3289", "CVE-2019-2864", "CVE-2019-2556", "CVE-2019-2876", "CVE-2019-2680", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2874", "CVE-2019-2863"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-07-31T00:00:00", "id": "OPENVAS:1361412562310852640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852640", "type": "openvas", "title": "openSUSE: Security Advisory for virtualbox (openSUSE-SU-2019:1814-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852640\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-11763\", \"CVE-2018-11784\", \"CVE-2018-3288\",\n \"CVE-2018-3289\", \"CVE-2018-3290\", \"CVE-2018-3291\", \"CVE-2018-3292\",\n \"CVE-2018-3293\", \"CVE-2018-3294\", \"CVE-2018-3295\", \"CVE-2018-3296\",\n \"CVE-2018-3297\", \"CVE-2018-3298\", \"CVE-2019-1543\", \"CVE-2019-2446\",\n \"CVE-2019-2448\", \"CVE-2019-2450\", \"CVE-2019-2451\", \"CVE-2019-2508\",\n \"CVE-2019-2509\", \"CVE-2019-2511\", \"CVE-2019-2525\", \"CVE-2019-2527\",\n \"CVE-2019-2554\", \"CVE-2019-2555\", \"CVE-2019-2556\", \"CVE-2019-2574\",\n \"CVE-2019-2656\", \"CVE-2019-2657\", \"CVE-2019-2678\", \"CVE-2019-2679\",\n \"CVE-2019-2680\", \"CVE-2019-2690\", \"CVE-2019-2696\", \"CVE-2019-2703\",\n \"CVE-2019-2721\", \"CVE-2019-2722\", \"CVE-2019-2723\", \"CVE-2019-2848\",\n \"CVE-2019-2850\", \"CVE-2019-2859\", \"CVE-2019-2863\", \"CVE-2019-2864\",\n \"CVE-2019-2865\", \"CVE-2019-2866\", \"CVE-2019-2867\", \"CVE-2019-2873\",\n \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\", \"CVE-2019-2877\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-31 02:00:38 +0000 (Wed, 31 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for virtualbox (openSUSE-SU-2019:1814-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1814-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'virtualbox'\n package(s) announced via the openSUSE-SU-2019:1814-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for virtualbox to version 6.0.10 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865\n CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873\n CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1814=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1814=1\");\n\n script_tag(name:\"affected\", value:\"'virtualbox' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-source\", rpm:\"virtualbox-guest-source~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-virtualbox\", rpm:\"python3-virtualbox~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-virtualbox-debuginfo\", rpm:\"python3-virtualbox-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"<br>virtualbox-guest-kmp-default-debuginfo\", rpm:\"<br>virtualbox-guest-kmp-default-debuginfo~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"<br>virtualbox-host-kmp-default-debuginfo\", rpm:\"<br>virtualbox-host-kmp-default-debuginfo~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-vnc\", rpm:\"virtualbox-vnc~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-20T12:34:46", "description": "This update for VirtualBox 5.2.20 fixes security issues and bugs.\n\nA number of vulnerabilities were fixed a affecting multiple components\nof VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909,\nCVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,\nCVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294,\nCVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. \n\nThis update also contains various bug fixes in the 5.2.20 release :\n\n - VMM: fixed task switches triggered by INTn instruction\n\n - Storage: fixed connecting to certain iSCSI targets\n\n - Storage: fixed handling of flush requests when\n configured to be ignored when the host I/O cache is used\n\n - Drag and drop fixes\n\n - Video recording: fixed starting video recording on VM\n power up\n\n - Various fixes to Linux Additions", "edition": 15, "cvss3": {"score": 9.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "title": "openSUSE Security Update : VirtualBox (openSUSE-2018-1330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "modified": "2018-10-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:python3-virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"], "id": "OPENSUSE-2018-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/118562", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118562);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0732\", \"CVE-2018-2909\", \"CVE-2018-3287\", \"CVE-2018-3288\", \"CVE-2018-3289\", \"CVE-2018-3290\", \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\", \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\");\n\n script_name(english:\"openSUSE Security Update : VirtualBox (openSUSE-2018-1330)\");\n script_summary(english:\"Check for the openSUSE-2018-1330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for VirtualBox 5.2.20 fixes security issues and bugs.\n\nA number of vulnerabilities were fixed a affecting multiple components\nof VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909,\nCVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,\nCVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294,\nCVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. \n\nThis update also contains various bug fixes in the 5.2.20 release :\n\n - VMM: fixed task switches triggered by INTn instruction\n\n - Storage: fixed connecting to certain iSCSI targets\n\n - Storage: fixed handling of flush requests when\n configured to be ignored when the host I/O cache is used\n\n - Drag and drop fixes\n\n - Video recording: fixed starting video recording on VM\n power up\n\n - Various fixes to Linux Additions\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected VirtualBox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-virtualbox-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-virtualbox-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-debugsource-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-devel-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-desktop-icons-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-kmp-default-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-source-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-tools-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-tools-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-x11-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-x11-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-host-kmp-default-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-host-kmp-default-debuginfo-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-host-source-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-qt-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-qt-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-vnc-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-websrv-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-websrv-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-virtualbox-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-virtualbox-debuginfo-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-debuginfo-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-debugsource-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-devel-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-desktop-icons-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-kmp-default-5.2.20_k4.4.159_73-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.2.20_k4.4.159_73-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-source-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-tools-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-tools-debuginfo-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-x11-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-x11-debuginfo-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-kmp-default-5.2.20_k4.4.159_73-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-kmp-default-debuginfo-5.2.20_k4.4.159_73-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-source-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-qt-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-qt-debuginfo-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-vnc-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-websrv-5.2.20-60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-websrv-debuginfo-5.2.20-60.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:54:21", "description": "This update for VirtualBox 5.2.20 fixes security issues and bugs.\n\nA number of vulnerabilities were fixed a affecting multiple components\nof VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909,\nCVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,\nCVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294,\nCVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. \n\nThis update also contains various bug fixes in the 5.2.20 release :\n\n - VMM: fixed task switches triggered by INTn instruction\n\n - Storage: fixed connecting to certain iSCSI targets\n\n - Storage: fixed handling of flush requests when\n configured to be ignored when the host I/O cache is used\n\n - Drag and drop fixes\n\n - Video recording: fixed starting video recording on VM\n power up\n\n - Various fixes to Linux Additions", "edition": 12, "cvss3": {"score": 9.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : VirtualBox (openSUSE-2019-863)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:python3-virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"], "id": "OPENSUSE-2019-863.NASL", "href": "https://www.tenable.com/plugins/nessus/123360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-863.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123360);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0732\", \"CVE-2018-2909\", \"CVE-2018-3287\", \"CVE-2018-3288\", \"CVE-2018-3289\", \"CVE-2018-3290\", \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\", \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\");\n\n script_name(english:\"openSUSE Security Update : VirtualBox (openSUSE-2019-863)\");\n script_summary(english:\"Check for the openSUSE-2019-863 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for VirtualBox 5.2.20 fixes security issues and bugs.\n\nA number of vulnerabilities were fixed a affecting multiple components\nof VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909,\nCVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,\nCVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294,\nCVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. \n\nThis update also contains various bug fixes in the 5.2.20 release :\n\n - VMM: fixed task switches triggered by INTn instruction\n\n - Storage: fixed connecting to certain iSCSI targets\n\n - Storage: fixed handling of flush requests when\n configured to be ignored when the host I/O cache is used\n\n - Drag and drop fixes\n\n - Video recording: fixed starting video recording on VM\n power up\n\n - Various fixes to Linux Additions\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected VirtualBox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-virtualbox-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-virtualbox-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-debugsource-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-devel-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-desktop-icons-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-kmp-default-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-source-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-tools-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-tools-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-x11-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-guest-x11-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-host-kmp-default-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-host-kmp-default-debuginfo-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-host-source-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-qt-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-qt-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-vnc-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-websrv-5.2.20-lp150.4.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"virtualbox-websrv-debuginfo-5.2.20-lp150.4.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T07:42:13", "description": "The version of Oracle VM VirtualBox running on the remote host is\n5.2.x prior to 5.2.20. It is, therefore, affected by multiple\nvulnerabilities as noted in the October 2018 Critical Patch Update\nadvisory : \n\n - An unspecified vulnerability in the Oracle VM\n VirtualBox component of Oracle Virtualization in the\n Core subcomponent could allow an unauthenticated,\n remote attacker with logon to the infrastructure where\n Oracle VM VirtualBox executes to compromise Oracle VM\n VirtualBox. (CVE-2018-2909, CVE-2018-3287,\n CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,\n CVE-2018-3291, CVE-2018-3292, CVE-2018-3293,\n CVE-2018-3294, CVE-2018-3295, CVE-2018-3296,\n CVE-2018-3297, CVE-2018-3298)\n\n - An unspecified vulnerability in the Oracle VM\n VirtualBox component of Oracle Virtualization in the\n OpenSSL subcomponent could allow an unauthenticated,\n remote attacker with network access via TLS to\n compromise Oracle VM VirtualBox. (CVE-2018-0732)\n\nPlease consult the CVRF details for the applicable CVEs for\nadditional information.\n\nNessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 29, "cvss3": {"score": 9.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-18T00:00:00", "title": "Oracle VM VirtualBox < 5.2.20 Multiple Vulnerabilities (Oct 2018 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-3297", "CVE-2018-3294", "CVE-2018-3287", "CVE-2018-3293", "CVE-2018-3292", "CVE-2018-3291", "CVE-2018-3298", "CVE-2018-3290", "CVE-2018-2909", "CVE-2018-3296", "CVE-2018-3288", "CVE-2018-3295", "CVE-2018-3289"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_5_2_20.NASL", "href": "https://www.tenable.com/plugins/nessus/118204", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118204);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0732\",\n \"CVE-2018-2909\",\n \"CVE-2018-3287\",\n \"CVE-2018-3288\",\n \"CVE-2018-3289\",\n \"CVE-2018-3290\",\n \"CVE-2018-3291\",\n \"CVE-2018-3292\",\n \"CVE-2018-3293\",\n \"CVE-2018-3294\",\n \"CVE-2018-3295\",\n \"CVE-2018-3296\",\n \"CVE-2018-3297\",\n \"CVE-2018-3298\"\n );\n script_bugtraq_id(104442);\n\n script_name(english:\"Oracle VM VirtualBox < 5.2.20 Multiple Vulnerabilities (Oct 2018 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle VM VirtualBox running on the remote host is\n5.2.x prior to 5.2.20. It is, therefore, affected by multiple\nvulnerabilities as noted in the October 2018 Critical Patch Update\nadvisory : \n\n - An unspecified vulnerability in the Oracle VM\n VirtualBox component of Oracle Virtualization in the\n Core subcomponent could allow an unauthenticated,\n remote attacker with logon to the infrastructure where\n Oracle VM VirtualBox executes to compromise Oracle VM\n VirtualBox. (CVE-2018-2909, CVE-2018-3287,\n CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,\n CVE-2018-3291, CVE-2018-3292, CVE-2018-3293,\n CVE-2018-3294, CVE-2018-3295, CVE-2018-3296,\n CVE-2018-3297, CVE-2018-3298)\n\n - An unspecified vulnerability in the Oracle VM\n VirtualBox component of Oracle Virtualization in the\n OpenSSL subcomponent could allow an unauthenticated,\n remote attacker with network access via TLS to\n compromise Oracle VM VirtualBox. (CVE-2018-0732)\n\nPlease consult the CVRF details for the applicable CVEs for\nadditional information.\n\nNessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixOVIR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aca0e0f6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle VM VirtualBox version 5.2.20 or later as\nreferenced in the October 2018 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3294\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n# Affected :\nif ( ver_compare(ver:ver, fix:'5.2.20', strict:FALSE) < 0) fix = '5.2.20';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n}\n\nreport =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\nsecurity_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\nexit(0);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-24T09:08:03", "description": "This update for virtualbox to version 6.0.10 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864\n CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848\n CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875\n CVE-2019-2876 CVE-2019-2850 (boo#1141801)", "edition": 14, "cvss3": {"score": 9.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "openSUSE Security Update : virtualbox (openSUSE-2019-1814)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2509", "CVE-2019-2679", "CVE-2019-2451", "CVE-2019-2678", "CVE-2019-2867", "CVE-2018-3297", "CVE-2019-2525", "CVE-2019-2703", "CVE-2019-2574", "CVE-2018-3294", "CVE-2018-0734", "CVE-2018-3293", "CVE-2018-3292", "CVE-2019-2448", "CVE-2019-2850", "CVE-2019-2511", "CVE-2019-2722", "CVE-2018-3291", "CVE-2018-3298", "CVE-2019-2877", "CVE-2019-2554", "CVE-2019-2848", "CVE-2019-1543", "CVE-2019-2527", "CVE-2018-3290", "CVE-2019-2865", "CVE-2019-2656", "CVE-2019-2866", "CVE-2019-2723", "CVE-2018-3296", "CVE-2018-3288", "CVE-2019-2555", "CVE-2019-2696", "CVE-2019-2875", "CVE-2018-11763", "CVE-2019-2859", "CVE-2019-2721", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2657", "CVE-2018-3295", "CVE-2019-2873", "CVE-2019-2690", "CVE-2018-3289", "CVE-2019-2864", "CVE-2019-2556", "CVE-2019-2876", "CVE-2019-2680", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2874", "CVE-2019-2863"], "modified": "2019-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:python3-virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"], "id": "OPENSUSE-2019-1814.NASL", "href": "https://www.tenable.com/plugins/nessus/127734", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1814.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127734);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-11763\", \"CVE-2018-11784\", \"CVE-2018-3288\", \"CVE-2018-3289\", \"CVE-2018-3290\", \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\", \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\", \"CVE-2019-1543\", \"CVE-2019-2446\", \"CVE-2019-2448\", \"CVE-2019-2450\", \"CVE-2019-2451\", \"CVE-2019-2508\", \"CVE-2019-2509\", \"CVE-2019-2511\", \"CVE-2019-2525\", \"CVE-2019-2527\", \"CVE-2019-2554\", \"CVE-2019-2555\", \"CVE-2019-2556\", \"CVE-2019-2574\", \"CVE-2019-2656\", \"CVE-2019-2657\", \"CVE-2019-2678\", \"CVE-2019-2679\", \"CVE-2019-2680\", \"CVE-2019-2690\", \"CVE-2019-2696\", \"CVE-2019-2703\", \"CVE-2019-2721\", \"CVE-2019-2722\", \"CVE-2019-2723\", \"CVE-2019-2848\", \"CVE-2019-2850\", \"CVE-2019-2859\", \"CVE-2019-2863\", \"CVE-2019-2864\", \"CVE-2019-2865\", \"CVE-2019-2866\", \"CVE-2019-2867\", \"CVE-2019-2873\", \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\", \"CVE-2019-2877\");\n\n script_name(english:\"openSUSE Security Update : virtualbox (openSUSE-2019-1814)\");\n script_summary(english:\"Check for the openSUSE-2019-1814 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for virtualbox to version 6.0.10 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864\n CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848\n CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875\n CVE-2019-2876 CVE-2019-2850 (boo#1141801)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141801\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3294\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-virtualbox-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-virtualbox-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-debugsource-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-devel-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-desktop-icons-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-source-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-tools-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-tools-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-x11-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-x11-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-source-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-qt-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-qt-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-vnc-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-websrv-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-websrv-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-07-30T19:43:34", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2509", "CVE-2019-2679", "CVE-2019-2451", "CVE-2019-2678", "CVE-2019-2867", "CVE-2018-3297", "CVE-2019-2525", "CVE-2019-2703", "CVE-2019-2574", "CVE-2018-3294", "CVE-2018-0734", "CVE-2018-3293", "CVE-2018-3292", "CVE-2019-2448", "CVE-2019-2850", "CVE-2019-2511", "CVE-2019-2722", "CVE-2018-3291", "CVE-2018-3298", "CVE-2019-2877", "CVE-2019-2554", "CVE-2019-2848", "CVE-2019-1543", "CVE-2019-2527", "CVE-2018-3290", "CVE-2019-2865", "CVE-2019-2656", "CVE-2019-2866", "CVE-2019-2723", "CVE-2018-3296", "CVE-2018-3288", "CVE-2019-2555", "CVE-2019-2696", "CVE-2019-2875", "CVE-2018-11763", "CVE-2019-2859", "CVE-2019-2721", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2657", "CVE-2018-3295", "CVE-2019-2873", "CVE-2019-2690", "CVE-2018-3289", "CVE-2019-2864", "CVE-2019-2556", "CVE-2019-2876", "CVE-2019-2680", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2874", "CVE-2019-2863"], "description": "This update for virtualbox to version 6.0.10 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865\n CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873\n CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)\n\n", "edition": 1, "modified": "2019-07-30T18:11:48", "published": "2019-07-30T18:11:48", "id": "OPENSUSE-SU-2019:1814-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "title": "Security update for virtualbox (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:21:14", "bulletinFamily": "software", "cvelist": ["CVE-2018-3170", "CVE-2018-3157", "CVE-2018-3138", "CVE-2018-3254", "CVE-2017-5533", "CVE-2018-3204", "CVE-2018-3141", "CVE-2017-7407", "CVE-2015-9251", "CVE-2016-8620", "CVE-2017-9798", "CVE-2016-8623", "CVE-2018-1000120", "CVE-2016-5244", "CVE-2018-0732", "CVE-2018-3183", "CVE-2015-0235", "CVE-2016-5420", "CVE-2018-3274", "CVE-2018-3271", "CVE-2018-1304", "CVE-2018-3297", "CVE-2018-3130", "CVE-2016-9840", "CVE-2018-3184", "CVE-2018-3227", "CVE-2018-3231", "CVE-2016-8615", "CVE-2016-8616", "CVE-2018-3188", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2018-3154", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2018-3189", "CVE-2018-1275", "CVE-2018-14048", "CVE-2018-3301", "CVE-2018-3294", "CVE-2018-3129", "CVE-2018-7489", "CVE-2018-3287", "CVE-2018-3180", "CVE-2018-3257", "CVE-2018-3280", "CVE-2018-3293", "CVE-2018-3247", "CVE-2018-3239", "CVE-2018-2911", "CVE-2018-3270", "CVE-2018-3249", "CVE-2018-3259", "CVE-2018-3167", "CVE-2018-3236", "CVE-2018-3292", "CVE-2017-3735", "CVE-2018-2912", "CVE-2018-3175", "CVE-2018-3250", "CVE-2014-0014", "CVE-2018-3299", "CVE-2018-1271", "CVE-2016-5080", "CVE-2018-3256", "CVE-2018-3136", "CVE-2018-3246", "CVE-2018-3152", "CVE-2016-8618", "CVE-2018-1000121", "CVE-2018-3285", "CVE-2018-3115", "CVE-2018-3263", "CVE-2018-11039", "CVE-2018-3282", "CVE-2018-3218", "CVE-2018-3150", "CVE-2018-3145", "CVE-2018-3132", "CVE-2018-3190", "CVE-2016-7141", "CVE-2018-3220", "CVE-2018-11307", "CVE-2018-3133", "CVE-2018-2889", "CVE-2018-3128", "CVE-2018-3214", "CVE-2018-3182", "CVE-2018-3211", "CVE-2018-3210", "CVE-2016-0729", "CVE-2018-3233", "CVE-2018-3209", "CVE-2018-3131", "CVE-2018-3302", "CVE-2016-0635", "CVE-2016-0755", "CVE-2016-2107", "CVE-2018-3267", "CVE-2018-3261", "CVE-2015-7501", "CVE-2018-3219", "CVE-2018-3291", "CVE-2018-3244", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3193", "CVE-2018-3144", "CVE-2018-3206", "CVE-2018-3298", "CVE-2016-8617", "CVE-2016-9842", "CVE-2018-12022", "CVE-2018-3212", "CVE-2018-8014", "CVE-2016-1182", "CVE-2015-3153", "CVE-2018-1258", "CVE-2018-3234", "CVE-2018-3255", "CVE-2018-3226", "CVE-2018-1000122", "CVE-2018-3173", "CVE-2018-3215", "CVE-2018-3248", "CVE-2018-1305", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2018-3241", "CVE-2018-3228", "CVE-2018-11776", "CVE-2018-3122", "CVE-2018-13785", "CVE-2018-3011", "CVE-2018-3139", "CVE-2017-7805", "CVE-2018-3223", "CVE-2018-3205", "CVE-2018-3230", "CVE-2018-1257", "CVE-2018-3213", "CVE-2017-5715", "CVE-2018-3161", "CVE-2018-3290", "CVE-2018-3201", "CVE-2018-1000300", "CVE-2018-3251", "CVE-2018-3225", "CVE-2018-2902", "CVE-2018-3163", "CVE-2015-3144", "CVE-2018-2887", "CVE-2014-0114", "CVE-2018-3179", "CVE-2018-3262", "CVE-2018-3237", "CVE-2018-0739", "CVE-2018-3222", "CVE-2018-3155", "CVE-2015-0252", "CVE-2018-3253", "CVE-2018-3126", "CVE-2018-8034", "CVE-2018-3127", "CVE-2018-3221", "CVE-2018-3059", "CVE-2015-3237", "CVE-2018-3279", "CVE-2018-3151", "CVE-2018-2909", "CVE-2018-3245", "CVE-2018-3252", "CVE-2018-3284", "CVE-2018-8013", "CVE-2018-3235", "CVE-2016-8622", "CVE-2018-3275", "CVE-2015-7990", "CVE-2018-3162", "CVE-2018-3197", "CVE-2018-1272", "CVE-2018-3278", "CVE-2018-3186", "CVE-2017-7525", "CVE-2018-3159", "CVE-2018-3171", "CVE-2018-3296", "CVE-2018-3194", "CVE-2018-3217", "CVE-2018-3273", "CVE-2018-3178", "CVE-2018-3147", "CVE-2018-3288", "CVE-2018-1270", "CVE-2014-7817", "CVE-2018-3191", "CVE-2018-18224", "CVE-2012-1007", "CVE-2018-3143", "CVE-2016-8624", "CVE-2018-0733", "CVE-2016-1181", "CVE-2018-3281", "CVE-2018-2971", "CVE-2016-3739", "CVE-2018-3146", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3208", "CVE-2017-14735", "CVE-2015-3145", "CVE-2017-3738", "CVE-2018-3172", "CVE-2018-3164", "CVE-2018-3176", "CVE-2018-3169", "CVE-2018-3160", "CVE-2018-3149", "CVE-2014-3490", "CVE-2018-3185", "CVE-2018-3232", "CVE-2018-3264", "CVE-2018-8037", "CVE-2018-3258", "CVE-2017-5645", "CVE-2016-5421", "CVE-2016-9586", "CVE-2018-3272", "CVE-2018-3142", "CVE-2018-3295", "CVE-2018-2914", "CVE-2018-3192", "CVE-2018-3153", "CVE-2018-3283", "CVE-2017-5529", "CVE-2018-3269", "CVE-2016-9841", "CVE-2018-3196", "CVE-2016-4000", "CVE-2018-3289", "CVE-2018-3229", "CVE-2017-3736", "CVE-2018-3286", "CVE-2018-3177", "CVE-2018-3243", "CVE-2018-3242", "CVE-2018-3148", "CVE-2018-3181", "CVE-2018-18223", "CVE-2018-0737", "CVE-2018-3268", "CVE-2018-3200", "CVE-2016-5419", "CVE-2018-3195", "CVE-2017-15095", "CVE-2016-7167", "CVE-2018-11040", "CVE-2018-3198", "CVE-2018-3166", "CVE-2016-6814", "CVE-2018-3202", "CVE-2016-1000031", "CVE-2018-3158", "CVE-2018-1000301", "CVE-2018-3238", "CVE-2018-3134", "CVE-2018-12023", "CVE-2018-3224", "CVE-2018-3165", "CVE-2016-8621", "CVE-2018-3135", "CVE-2018-3168", "CVE-2015-6937", "CVE-2018-2922", "CVE-2018-3140", "CVE-2018-2913", "CVE-2018-3207"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2456979.1>).\n", "modified": "2018-10-16T00:00:00", "published": "2018-12-18T00:00:00", "id": "ORACLE:CPUOCT2018-4428296", "href": "", "type": "oracle", "title": "CPU Oct 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:56", "bulletinFamily": "software", "cvelist": ["CVE-2012-1007", "CVE-2014-0014", "CVE-2014-0114", "CVE-2014-3490", "CVE-2014-7817", "CVE-2015-0235", "CVE-2015-0252", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3153", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-6937", "CVE-2015-7501", "CVE-2015-7990", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-0729", "CVE-2016-0755", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-3739", "CVE-2016-4000", "CVE-2016-5019", "CVE-2016-5080", "CVE-2016-5244", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-6814", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-9586", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5715", "CVE-2017-7407", "CVE-2017-7525", "CVE-2017-7805", "CVE-2017-9798", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11307", "CVE-2018-11776", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-13785", "CVE-2018-14048", "CVE-2018-18223", "CVE-2018-18224", "CVE-2018-2887", "CVE-2018-2889", "CVE-2018-2902", "CVE-2018-2909", "CVE-2018-2911", "CVE-2018-2912", "CVE-2018-2913", "CVE-2018-2914", "CVE-2018-2922", "CVE-2018-2971", "CVE-2018-3011", "CVE-2018-3059", "CVE-2018-3115", "CVE-2018-3122", "CVE-2018-3126", "CVE-2018-3127", "CVE-2018-3128", "CVE-2018-3129", "CVE-2018-3130", "CVE-2018-3131", "CVE-2018-3132", "CVE-2018-3133", "CVE-2018-3134", "CVE-2018-3135", "CVE-2018-3136", "CVE-2018-3137", "CVE-2018-3138", "CVE-2018-3139", "CVE-2018-3140", "CVE-2018-3141", "CVE-2018-3142", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3146", "CVE-2018-3147", "CVE-2018-3148", "CVE-2018-3149", "CVE-2018-3150", "CVE-2018-3151", "CVE-2018-3152", "CVE-2018-3153", "CVE-2018-3154", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3157", "CVE-2018-3158", "CVE-2018-3159", "CVE-2018-3160", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3163", "CVE-2018-3164", "CVE-2018-3165", "CVE-2018-3166", "CVE-2018-3167", "CVE-2018-3168", "CVE-2018-3169", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3172", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3175", "CVE-2018-3176", "CVE-2018-3177", "CVE-2018-3178", "CVE-2018-3179", "CVE-2018-3180", "CVE-2018-3181", "CVE-2018-3182", "CVE-2018-3183", "CVE-2018-3184", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3188", "CVE-2018-3189", "CVE-2018-3190", "CVE-2018-3191", "CVE-2018-3192", "CVE-2018-3193", "CVE-2018-3194", "CVE-2018-3195", "CVE-2018-3196", "CVE-2018-3197", "CVE-2018-3198", "CVE-2018-3200", "CVE-2018-3201", "CVE-2018-3202", "CVE-2018-3203", "CVE-2018-3204", "CVE-2018-3205", "CVE-2018-3206", "CVE-2018-3207", "CVE-2018-3208", "CVE-2018-3209", "CVE-2018-3210", "CVE-2018-3211", "CVE-2018-3212", "CVE-2018-3213", "CVE-2018-3214", "CVE-2018-3215", "CVE-2018-3217", "CVE-2018-3218", "CVE-2018-3219", "CVE-2018-3220", "CVE-2018-3221", "CVE-2018-3222", "CVE-2018-3223", "CVE-2018-3224", "CVE-2018-3225", "CVE-2018-3226", "CVE-2018-3227", "CVE-2018-3228", "CVE-2018-3229", "CVE-2018-3230", "CVE-2018-3231", "CVE-2018-3232", "CVE-2018-3233", "CVE-2018-3234", "CVE-2018-3235", "CVE-2018-3236", "CVE-2018-3237", "CVE-2018-3238", "CVE-2018-3239", "CVE-2018-3241", "CVE-2018-3242", "CVE-2018-3243", "CVE-2018-3244", "CVE-2018-3245", "CVE-2018-3246", "CVE-2018-3247", "CVE-2018-3248", "CVE-2018-3249", "CVE-2018-3250", "CVE-2018-3251", "CVE-2018-3252", "CVE-2018-3253", "CVE-2018-3254", "CVE-2018-3255", "CVE-2018-3256", "CVE-2018-3257", "CVE-2018-3258", "CVE-2018-3259", "CVE-2018-3261", "CVE-2018-3262", "CVE-2018-3263", "CVE-2018-3264", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3267", "CVE-2018-3268", "CVE-2018-3269", "CVE-2018-3270", "CVE-2018-3271", "CVE-2018-3272", "CVE-2018-3273", "CVE-2018-3274", "CVE-2018-3275", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3281", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2018-3287", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2018-3299", "CVE-2018-3301", "CVE-2018-3302", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8014", "CVE-2018-8034", "CVE-2018-8037"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2456979.1>).\n", "modified": "2018-10-16T00:00:00", "published": "2018-12-18T00:00:00", "id": "ORACLE:CPUOCT2018", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
