ID CVE-2019-2875 Type cve Reporter secalert_us@oracle.com Modified 2021-02-16T23:45:00
Description
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
{"id": "CVE-2019-2875", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2019-2875", "description": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "published": "2019-07-23T23:15:00", "modified": "2021-02-16T23:45:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 1.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2875", "reporter": "secalert_us@oracle.com", "references": ["http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "https://security.gentoo.org/glsa/202101-09"], "cvelist": ["CVE-2019-2875"], "immutableFields": [], "lastseen": "2022-03-23T22:47:28", "viewCount": 98, "enchantments": {"dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-2875"]}, {"type": "gentoo", "idList": ["GLSA-202101-09"]}, {"type": "kaspersky", "idList": ["KLA11521"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-202101-09.NASL", "OPENSUSE-2019-1814.NASL", "VIRTUALBOX_JUL_2019_CPU.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815420", "OPENVAS:1361412562310852640"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1814-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-2875"]}]}, "score": {"value": 5.3, "vector": "NONE"}, "twitter": {"counter": 3, "modified": "2021-02-02T07:13:00", "tweets": [{"link": "https://twitter.com/WolfgangSesin/status/1361859360742285315", "text": "New post from https://t.co/uXvPWJPHkR?amp=1 (CVE-2019-2875 (leap, vm_virtualbox)) has been published on https://t.co/Y5cFt62lti?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1361824970339463168", "text": " NEW: CVE-2019-2875 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploi... (click for more) Severity: LOW https://t.co/FHdW3J97JY?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1361824970339463168", "text": " NEW: CVE-2019-2875 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploi... (click for more) Severity: LOW https://t.co/FHdW3J97JY?amp=1"}]}, "backreferences": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-2875"]}, {"type": "gentoo", "idList": ["GLSA-202101-09"]}, {"type": "kaspersky", "idList": ["KLA11521"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-202101-09.NASL", "OPENSUSE-2019-1814.NASL", "VIRTUALBOX_JUL_2019_CPU.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815420"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019-5072835"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1814-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-2875"]}]}, "exploitation": null, "vulnersScore": 5.3}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:opensuse:leap:15.1"], "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "oracle:vm_virtualbox", "version": "5.2.32", "operator": "lt", "name": "oracle vm virtualbox"}, {"cpeName": "oracle:vm_virtualbox", "version": "6.0.10", "operator": "lt", "name": "oracle vm virtualbox"}, {"cpeName": "opensuse:leap", "version": "15.0", "operator": "eq", "name": "opensuse leap"}, {"cpeName": "opensuse:leap", "version": "15.1", "operator": "eq", "name": "opensuse leap"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:5.2.32:*:*:*:*:*:*:*", "versionEndExcluding": "5.2.32", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:6.0.10:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndExcluding": "6.0.10", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "name": "openSUSE-SU-2019:1814", "refsource": "SUSE", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202101-09", "name": "GLSA-202101-09", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}]}
{"ubuntucve": [{"lastseen": "2021-11-22T21:30:26", "description": "Vulnerability in the Oracle VM VirtualBox component of Oracle\nVirtualization (subcomponent: Core). Supported versions that are affected\nare Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability\nallows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.\nCVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2019-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2019-2875", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2875"], "modified": "2019-07-23T00:00:00", "id": "UB:CVE-2019-2875", "href": "https://ubuntu.com/security/CVE-2019-2875", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-04-21T18:13:56", "description": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-07-23T23:15:00", "type": "debiancve", "title": "CVE-2019-2875", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2875"], "modified": "2019-07-23T23:15:00", "id": "DEBIANCVE:CVE-2019-2875", "href": "https://security-tracker.debian.org/tracker/CVE-2019-2875", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:08:38", "description": "### *Detect date*:\n07/16/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information.\n\n### *Affected products*:\nOracle VirtualBox prior to 5.2.32, prior to 6.0.10\n\n### *Solution*:\nUpdate to the latest version\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 July 2019](<https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixOVIR>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2019-2859](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2859>)4.6Warning \n[CVE-2019-2867](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2867>)4.6Warning \n[CVE-2019-2866](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2866>)4.6Warning \n[CVE-2019-2864](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2864>)4.4Warning \n[CVE-2019-2865](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2865>)4.4Warning \n[CVE-2019-1543](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543>)5.8High \n[CVE-2019-2863](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2863>)2.1Warning \n[CVE-2019-2848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2848>)2.1Warning \n[CVE-2019-2877](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2877>)2.1Warning \n[CVE-2019-2873](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2873>)2.1Warning \n[CVE-2019-2874](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2874>)2.1Warning \n[CVE-2019-2875](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2875>)2.1Warning \n[CVE-2019-2876](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2876>)2.1Warning \n[CVE-2019-2850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2850>)1.9Warning", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "type": "kaspersky", "title": "KLA11521 Multiple vulnerabilities in Oracle VirtualBox", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1543", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877"], "modified": "2020-06-03T00:00:00", "id": "KLA11521", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11521/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data (CVE-2019-1543). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox (CVE-2019-2848). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox (CVE-2019-2850). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2019-2859). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data (CVE-2019-2863). Oracle VM VirtualBox prior to 6.0.10 has a difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2019-2864, CVE-2019-2865). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2019-2866, CVE-2019-2867). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox (CVE-2019-2873, CVE-2019-2874, CVE-2019-2875, CVE-2019-2876, CVE-2019-2877). \n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-07-27T16:44:28", "type": "mageia", "title": "Updated virtualbox packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1543", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877"], "modified": "2019-07-27T16:44:28", "id": "MGASA-2019-0216", "href": "https://advisories.mageia.org/MGASA-2019-0216.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2020-03-05T17:45:38", "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-07-17T00:00:00", "type": "openvas", "title": "Oracle VirtualBox Security Updates (jul2019-5072835) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2867", "CVE-2019-2850", "CVE-2019-2877", "CVE-2019-2848", "CVE-2019-1543", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2875", "CVE-2019-2859", "CVE-2019-2873", "CVE-2019-2864", "CVE-2019-2876", "CVE-2019-2874", "CVE-2019-2863"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310815420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815420", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815420\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2019-2863\", \"CVE-2019-1543\", \"CVE-2019-2867\", \"CVE-2019-2866\",\n \"CVE-2019-2865\", \"CVE-2019-2864\", \"CVE-2019-2848\", \"CVE-2019-2859\",\n \"CVE-2019-2850\", \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\",\n \"CVE-2019-2877\", \"CVE-2019-2873\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-17 12:52:56 +0530 (Wed, 17 Jul 2019)\");\n script_name(\"Oracle VirtualBox Security Updates (jul2019-5072835) - Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified vulnerabilities in 'Core' component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attacker to\n have an impact on confidentiality, integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions 6.x prior to 6.0.10\n and prior to 5.2.32 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 6.0.10 or 5.2.32 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\");\n script_xref(name:\"URL\", value:\"https://www.virtualbox.org/wiki/Downloads\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_win.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\n\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^6\\.\" && version_is_less(version:virtualVer, test_version:\"6.0.10\")){\n fix = \"6.0.10\";\n} else if (version_is_less(version:virtualVer, test_version:\"5.2.32\")){\n fix = \"5.2.32\";\n}\n\nif(fix)\n{\n report = report_fixed_ver( installed_version:virtualVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T16:48:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-31T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for virtualbox (openSUSE-SU-2019:1814-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2509", "CVE-2019-2679", "CVE-2019-2451", "CVE-2019-2678", "CVE-2019-2867", "CVE-2018-3297", "CVE-2019-2525", "CVE-2019-2703", "CVE-2019-2574", "CVE-2018-3294", "CVE-2018-0734", "CVE-2018-3293", "CVE-2018-3292", "CVE-2019-2448", "CVE-2019-2850", "CVE-2019-2511", "CVE-2019-2722", "CVE-2018-3291", "CVE-2018-3298", "CVE-2019-2877", "CVE-2019-2554", "CVE-2019-2848", "CVE-2019-1543", "CVE-2019-2527", "CVE-2018-3290", "CVE-2019-2865", "CVE-2019-2656", "CVE-2019-2866", "CVE-2019-2723", "CVE-2018-3296", "CVE-2018-3288", "CVE-2019-2555", "CVE-2019-2696", "CVE-2019-2875", "CVE-2018-11763", "CVE-2019-2859", "CVE-2019-2721", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2657", "CVE-2018-3295", "CVE-2019-2873", "CVE-2019-2690", "CVE-2018-3289", "CVE-2019-2864", "CVE-2019-2556", "CVE-2019-2876", "CVE-2019-2680", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2874", "CVE-2019-2863"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852640", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852640\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-11763\", \"CVE-2018-11784\", \"CVE-2018-3288\",\n \"CVE-2018-3289\", \"CVE-2018-3290\", \"CVE-2018-3291\", \"CVE-2018-3292\",\n \"CVE-2018-3293\", \"CVE-2018-3294\", \"CVE-2018-3295\", \"CVE-2018-3296\",\n \"CVE-2018-3297\", \"CVE-2018-3298\", \"CVE-2019-1543\", \"CVE-2019-2446\",\n \"CVE-2019-2448\", \"CVE-2019-2450\", \"CVE-2019-2451\", \"CVE-2019-2508\",\n \"CVE-2019-2509\", \"CVE-2019-2511\", \"CVE-2019-2525\", \"CVE-2019-2527\",\n \"CVE-2019-2554\", \"CVE-2019-2555\", \"CVE-2019-2556\", \"CVE-2019-2574\",\n \"CVE-2019-2656\", \"CVE-2019-2657\", \"CVE-2019-2678\", \"CVE-2019-2679\",\n \"CVE-2019-2680\", \"CVE-2019-2690\", \"CVE-2019-2696\", \"CVE-2019-2703\",\n \"CVE-2019-2721\", \"CVE-2019-2722\", \"CVE-2019-2723\", \"CVE-2019-2848\",\n \"CVE-2019-2850\", \"CVE-2019-2859\", \"CVE-2019-2863\", \"CVE-2019-2864\",\n \"CVE-2019-2865\", \"CVE-2019-2866\", \"CVE-2019-2867\", \"CVE-2019-2873\",\n \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\", \"CVE-2019-2877\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-31 02:00:38 +0000 (Wed, 31 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for virtualbox (openSUSE-SU-2019:1814-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1814-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'virtualbox'\n package(s) announced via the openSUSE-SU-2019:1814-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for virtualbox to version 6.0.10 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865\n CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873\n CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1814=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1814=1\");\n\n script_tag(name:\"affected\", value:\"'virtualbox' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-source\", rpm:\"virtualbox-guest-source~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-virtualbox\", rpm:\"python3-virtualbox~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-virtualbox-debuginfo\", rpm:\"python3-virtualbox-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"<br>virtualbox-guest-kmp-default-debuginfo\", rpm:\"<br>virtualbox-guest-kmp-default-debuginfo~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"<br>virtualbox-host-kmp-default-debuginfo\", rpm:\"<br>virtualbox-host-kmp-default-debuginfo~6.0.10_k4.12.14_lp150.12.67~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-vnc\", rpm:\"virtualbox-vnc~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~6.0.10~lp150.4.36.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2022-05-20T15:02:15", "description": "The version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.32 or 6.0.x prior to 6.0.10. It is, therefore, affected by multiple vulnerabilities as noted in the July 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core), which could allow an authenticated, local attacker to takeover Oracle VM VirtualBox. (CVE-2019-2859, CVE-2019-2863, CVE-2019-2866, CVE-2019-2867) \n\n - An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core (OpenSSL)), which could allow an unauthenticated, remote attacker to create, delete of modify critical data Oracle VM VirtualBox. (CVE-2019-1543)\n\n - An unspecified vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core), which could allow an authenticated, local attacker to cause a hang or repeatable crach (DoS) of Oracle VM VirtualBox. (CVE-2019-2848, CVE-2019-2873, CVE-2019-2874, CVE-2019-2875, CVE-2019-2876, CVE-2019-2877)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-07-18T00:00:00", "type": "nessus", "title": "Oracle VM VirtualBox 5.2.x < 5.2.32 / 6.0.x < 6.0.10 (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1543", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_JUL_2019_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/126778", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126778);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-1543\",\n \"CVE-2019-2848\",\n \"CVE-2019-2850\",\n \"CVE-2019-2859\",\n \"CVE-2019-2863\",\n \"CVE-2019-2864\",\n \"CVE-2019-2865\",\n \"CVE-2019-2866\",\n \"CVE-2019-2867\",\n \"CVE-2019-2873\",\n \"CVE-2019-2874\",\n \"CVE-2019-2875\",\n \"CVE-2019-2876\",\n \"CVE-2019-2877\"\n );\n script_bugtraq_id(\n 107349,\n 109190,\n 109194,\n 109198,\n 109200,\n 109204,\n 109208\n );\n\n script_name(english:\"Oracle VM VirtualBox 5.2.x < 5.2.32 / 6.0.x < 6.0.10 (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.32 or 6.0.x prior to 6.0.10. \nIt is, therefore, affected by multiple vulnerabilities as noted in the July 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core), \n which could allow an authenticated, local attacker to takeover Oracle VM VirtualBox. (CVE-2019-2859, CVE-2019-2863, \n CVE-2019-2866, CVE-2019-2867) \n\n - An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core\n (OpenSSL)), which could allow an unauthenticated, remote attacker to create, delete of modify critical data Oracle\n VM VirtualBox. (CVE-2019-1543)\n\n - An unspecified vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core), \n which could allow an authenticated, local attacker to cause a hang or repeatable crach (DoS) of Oracle VM\n VirtualBox. (CVE-2019-2848, CVE-2019-2873, CVE-2019-2874, CVE-2019-2875, CVE-2019-2876, CVE-2019-2877)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixOVIR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4865f6a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle VM VirtualBox version 5.2.32, 6.0.10 or later as referenced in the July 2019 Oracle Critical \nPatch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1543\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2859\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nif (get_kb_item('installed_sw/Oracle VM VirtualBox'))\n app_info = vcf::get_app_info(app:'Oracle VM VirtualBox', win_local:TRUE);\nelse\n app_info = vcf::get_app_info(app:'VirtualBox');\n\nconstraints = [\n {'min_version' : '5.2', 'fixed_version' : '5.2.32'},\n {'min_version' : '6.0', 'fixed_version' : '6.0.10'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-19T13:32:38", "description": "This update for virtualbox to version 6.0.10 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)", "cvss3": {"score": 9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : virtualbox (openSUSE-2019-1814)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0734", "CVE-2018-11763", "CVE-2018-11784", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2019-1543", "CVE-2019-2446", "CVE-2019-2448", "CVE-2019-2450", "CVE-2019-2451", "CVE-2019-2508", "CVE-2019-2509", "CVE-2019-2511", "CVE-2019-2525", "CVE-2019-2527", "CVE-2019-2554", "CVE-2019-2555", "CVE-2019-2556", "CVE-2019-2574", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2690", "CVE-2019-2696", "CVE-2019-2703", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877"], "modified": "2020-09-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python3-virtualbox", "p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1814.NASL", "href": "https://www.tenable.com/plugins/nessus/127734", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1814.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127734);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-11763\", \"CVE-2018-11784\", \"CVE-2018-3288\", \"CVE-2018-3289\", \"CVE-2018-3290\", \"CVE-2018-3291\", \"CVE-2018-3292\", \"CVE-2018-3293\", \"CVE-2018-3294\", \"CVE-2018-3295\", \"CVE-2018-3296\", \"CVE-2018-3297\", \"CVE-2018-3298\", \"CVE-2019-1543\", \"CVE-2019-2446\", \"CVE-2019-2448\", \"CVE-2019-2450\", \"CVE-2019-2451\", \"CVE-2019-2508\", \"CVE-2019-2509\", \"CVE-2019-2511\", \"CVE-2019-2525\", \"CVE-2019-2527\", \"CVE-2019-2554\", \"CVE-2019-2555\", \"CVE-2019-2556\", \"CVE-2019-2574\", \"CVE-2019-2656\", \"CVE-2019-2657\", \"CVE-2019-2678\", \"CVE-2019-2679\", \"CVE-2019-2680\", \"CVE-2019-2690\", \"CVE-2019-2696\", \"CVE-2019-2703\", \"CVE-2019-2721\", \"CVE-2019-2722\", \"CVE-2019-2723\", \"CVE-2019-2848\", \"CVE-2019-2850\", \"CVE-2019-2859\", \"CVE-2019-2863\", \"CVE-2019-2864\", \"CVE-2019-2865\", \"CVE-2019-2866\", \"CVE-2019-2867\", \"CVE-2019-2873\", \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\", \"CVE-2019-2877\");\n\n script_name(english:\"openSUSE Security Update : virtualbox (openSUSE-2019-1814)\");\n script_summary(english:\"Check for the openSUSE-2019-1814 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for virtualbox to version 6.0.10 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864\n CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848\n CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875\n CVE-2019-2876 CVE-2019-2850 (boo#1141801)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141801\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3294\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-virtualbox-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-virtualbox-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-debugsource-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-devel-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-desktop-icons-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-source-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-tools-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-tools-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-x11-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-x11-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-source-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-qt-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-qt-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-vnc-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-websrv-6.0.10-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-websrv-debuginfo-6.0.10-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T15:18:39", "description": "The remote host is affected by the vulnerability described in GLSA-202101-09 (VirtualBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "type": "nessus", "title": "GLSA-202101-09 : VirtualBox: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2926", "CVE-2019-2944", "CVE-2019-2984", "CVE-2019-3002", "CVE-2019-3005", "CVE-2019-3017", "CVE-2019-3021", "CVE-2019-3026", "CVE-2019-3028", "CVE-2019-3031", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14707", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-2575", "CVE-2020-2674", "CVE-2020-2678", "CVE-2020-2681", "CVE-2020-2682", "CVE-2020-2689", "CVE-2020-2690", "CVE-2020-2691", "CVE-2020-2692", "CVE-2020-2693", "CVE-2020-2698", "CVE-2020-2701", "CVE-2020-2702", "CVE-2020-2703", "CVE-2020-2704", "CVE-2020-2705", "CVE-2020-2725", "CVE-2020-2726", "CVE-2020-2727", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2748", "CVE-2020-2758", "CVE-2020-2894", "CVE-2020-2902", "CVE-2020-2905", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2929", "CVE-2020-2951", "CVE-2020-2958", "CVE-2020-2959"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:virtualbox", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202101-09.NASL", "href": "https://www.tenable.com/plugins/nessus/144923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-09.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144923);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2019-2848\", \"CVE-2019-2850\", \"CVE-2019-2859\", \"CVE-2019-2863\", \"CVE-2019-2864\", \"CVE-2019-2865\", \"CVE-2019-2866\", \"CVE-2019-2867\", \"CVE-2019-2873\", \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\", \"CVE-2019-2877\", \"CVE-2019-2926\", \"CVE-2019-2944\", \"CVE-2019-2984\", \"CVE-2019-3002\", \"CVE-2019-3005\", \"CVE-2019-3017\", \"CVE-2019-3021\", \"CVE-2019-3026\", \"CVE-2019-3028\", \"CVE-2019-3031\", \"CVE-2020-14628\", \"CVE-2020-14629\", \"CVE-2020-14646\", \"CVE-2020-14647\", \"CVE-2020-14648\", \"CVE-2020-14649\", \"CVE-2020-14650\", \"CVE-2020-14673\", \"CVE-2020-14674\", \"CVE-2020-14675\", \"CVE-2020-14676\", \"CVE-2020-14677\", \"CVE-2020-14694\", \"CVE-2020-14695\", \"CVE-2020-14698\", \"CVE-2020-14699\", \"CVE-2020-14700\", \"CVE-2020-14703\", \"CVE-2020-14704\", \"CVE-2020-14707\", \"CVE-2020-14711\", \"CVE-2020-14712\", \"CVE-2020-14713\", \"CVE-2020-14714\", \"CVE-2020-14715\", \"CVE-2020-2575\", \"CVE-2020-2674\", \"CVE-2020-2678\", \"CVE-2020-2681\", \"CVE-2020-2682\", \"CVE-2020-2689\", \"CVE-2020-2690\", \"CVE-2020-2691\", \"CVE-2020-2692\", \"CVE-2020-2693\", \"CVE-2020-2698\", \"CVE-2020-2701\", \"CVE-2020-2702\", \"CVE-2020-2703\", \"CVE-2020-2704\", \"CVE-2020-2705\", \"CVE-2020-2725\", \"CVE-2020-2726\", \"CVE-2020-2727\", \"CVE-2020-2741\", \"CVE-2020-2742\", \"CVE-2020-2743\", \"CVE-2020-2748\", \"CVE-2020-2758\", \"CVE-2020-2894\", \"CVE-2020-2902\", \"CVE-2020-2905\", \"CVE-2020-2907\", \"CVE-2020-2908\", \"CVE-2020-2909\", \"CVE-2020-2910\", \"CVE-2020-2911\", \"CVE-2020-2913\", \"CVE-2020-2914\", \"CVE-2020-2929\", \"CVE-2020-2951\", \"CVE-2020-2958\", \"CVE-2020-2959\");\n script_xref(name:\"GLSA\", value:\"202101-09\");\n\n script_name(english:\"GLSA-202101-09 : VirtualBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-09\n(VirtualBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VirtualBox. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could take control of VirtualBox resulting in the execution\n of arbitrary code with the privileges of the process, a Denial of Service\n condition, or other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-09\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Virtualbox 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/virtualbox-6.0.24:0/6.0'\n All Virtualbox 6.1.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/virtualbox-6.1.12:0/6.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/virtualbox\", unaffected:make_list(\"ge 6.1.12\", \"ge 6.0.24\"), vulnerable:make_list(\"lt 6.1.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VirtualBox\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "suse": [{"lastseen": "2022-04-18T12:41:53", "description": "An update that fixes 52 vulnerabilities is now available.\n\nDescription:\n\n This update for virtualbox to version 6.0.10 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865\n CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873\n CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1814=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1814=1", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-07-30T00:00:00", "type": "suse", "title": "Security update for virtualbox (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734", "CVE-2018-11763", "CVE-2018-11784", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2019-1543", "CVE-2019-2446", "CVE-2019-2448", "CVE-2019-2450", "CVE-2019-2451", "CVE-2019-2508", "CVE-2019-2509", "CVE-2019-2511", "CVE-2019-2525", "CVE-2019-2527", "CVE-2019-2554", "CVE-2019-2555", "CVE-2019-2556", "CVE-2019-2574", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2690", "CVE-2019-2696", "CVE-2019-2703", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877"], "modified": "2019-07-30T00:00:00", "id": "OPENSUSE-SU-2019:1814-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RTRWENR4KO4H3XNPBQUVKRGCPIDNAWUN/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:00:16", "description": "### Background\n\nVirtualBox is a powerful virtualization product from Oracle.\n\n### Description\n\nMultiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Virtualbox 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/virtualbox-6.0.24:0/6.0\"\n \n\nAll Virtualbox 6.1.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/virtualbox-6.1.12:0/6.1\"", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-12T00:00:00", "type": "gentoo", "title": "VirtualBox: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2926", "CVE-2019-2944", "CVE-2019-2984", "CVE-2019-3002", "CVE-2019-3005", "CVE-2019-3017", "CVE-2019-3021", "CVE-2019-3026", "CVE-2019-3028", "CVE-2019-3031", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14707", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-2575", "CVE-2020-2674", "CVE-2020-2678", "CVE-2020-2681", "CVE-2020-2682", "CVE-2020-2689", "CVE-2020-2690", "CVE-2020-2691", "CVE-2020-2692", "CVE-2020-2693", "CVE-2020-2698", "CVE-2020-2701", "CVE-2020-2702", "CVE-2020-2703", "CVE-2020-2704", "CVE-2020-2705", "CVE-2020-2725", "CVE-2020-2726", "CVE-2020-2727", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2748", "CVE-2020-2758", "CVE-2020-2894", "CVE-2020-2902", "CVE-2020-2905", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2929", "CVE-2020-2951", "CVE-2020-2958", "CVE-2020-2959"], "modified": "2021-01-12T00:00:00", "id": "GLSA-202101-09", "href": "https://security.gentoo.org/glsa/202101-09", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oracle": [{"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-3473", "CVE-2016-5007", "CVE-2016-6306", "CVE-2016-6497", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2016-8735", "CVE-2016-9572", "CVE-2016-9878", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3164", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-7525", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17197", "CVE-2018-17199", "CVE-2018-17960", "CVE-2018-18311", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-2883", "CVE-2018-3111", "CVE-2018-3315", "CVE-2018-3316", "CVE-2018-5407", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8039", "CVE-2018-9861", "CVE-2019-0190", "CVE-2019-0192", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0232", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-1543", "CVE-2019-1559", "CVE-2019-2484", "CVE-2019-2561", "CVE-2019-2569", "CVE-2019-2599", "CVE-2019-2666", "CVE-2019-2668", "CVE-2019-2672", "CVE-2019-2725", "CVE-2019-2727", "CVE-2019-2728", "CVE-2019-2729", "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2732", "CVE-2019-2733", "CVE-2019-2735", "CVE-2019-2736", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2742", "CVE-2019-2743", "CVE-2019-2744", "CVE-2019-2745", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2748", "CVE-2019-2749", "CVE-2019-2750", "CVE-2019-2751", "CVE-2019-2752", "CVE-2019-2753", "CVE-2019-2754", "CVE-2019-2755", "CVE-2019-2756", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2759", "CVE-2019-2760", "CVE-2019-2761", "CVE-2019-2762", "CVE-2019-2763", "CVE-2019-2764", "CVE-2019-2766", "CVE-2019-2767", "CVE-2019-2768", "CVE-2019-2769", "CVE-2019-2770", "CVE-2019-2771", "CVE-2019-2772", "CVE-2019-2773", "CVE-2019-2774", "CVE-2019-2775", "CVE-2019-2776", "CVE-2019-2777", "CVE-2019-2778", "CVE-2019-2779", "CVE-2019-2780", "CVE-2019-2781", "CVE-2019-2782", "CVE-2019-2783", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2786", "CVE-2019-2787", "CVE-2019-2788", "CVE-2019-2789", "CVE-2019-2790", "CVE-2019-2791", "CVE-2019-2792", "CVE-2019-2793", "CVE-2019-2794", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2799", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2804", "CVE-2019-2805", "CVE-2019-2807", "CVE-2019-2808", "CVE-2019-2809", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2813", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2816", "CVE-2019-2817", "CVE-2019-2818", "CVE-2019-2819", "CVE-2019-2820", "CVE-2019-2821", "CVE-2019-2822", "CVE-2019-2823", "CVE-2019-2824", "CVE-2019-2825", "CVE-2019-2826", "CVE-2019-2827", "CVE-2019-2828", "CVE-2019-2829", "CVE-2019-2830", "CVE-2019-2831", "CVE-2019-2832", "CVE-2019-2833", "CVE-2019-2834", "CVE-2019-2835", "CVE-2019-2836", "CVE-2019-2837", "CVE-2019-2838", "CVE-2019-2839", "CVE-2019-2840", "CVE-2019-2841", "CVE-2019-2842", "CVE-2019-2843", "CVE-2019-2844", "CVE-2019-2845", "CVE-2019-2846", "CVE-2019-2847", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2854", "CVE-2019-2855", "CVE-2019-2856", "CVE-2019-2857", "CVE-2019-2858", "CVE-2019-2859", "CVE-2019-2860", "CVE-2019-2861", "CVE-2019-2862", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2868", "CVE-2019-2869", "CVE-2019-2870", "CVE-2019-2871", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2878", "CVE-2019-2879", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5597", "CVE-2019-5598", "CVE-2019-6129", "CVE-2019-7317"], "modified": "2020-10-12T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:48:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: [ CVE-2019-2725 (April 29, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html>) and [ CVE-2019-2729 (June 18, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html>). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "edition": 2, "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - July 2019", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-2794", "CVE-2019-2853", "CVE-2019-2820", "CVE-2019-0220", "CVE-2018-19362", "CVE-2015-9251", "CVE-2019-2768", "CVE-2019-5598", "CVE-2019-2839", "CVE-2019-2484", "CVE-2019-2842", "CVE-2019-2793", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2019-2867", "CVE-2019-2824", "CVE-2018-0732", "CVE-2019-2740", "CVE-2019-2818", "CVE-2016-7103", "CVE-2019-2743", "CVE-2018-11055", "CVE-2018-1000180", "CVE-2019-2672", "CVE-2018-1304", "CVE-2019-2855", "CVE-2018-17960", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-11358", "CVE-2019-2788", "CVE-2019-2825", "CVE-2019-0217", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2015-0227", "CVE-2019-2878", "CVE-2019-2807", "CVE-2019-2784", "CVE-2018-1275", "CVE-2019-2856", "CVE-2019-2879", "CVE-2018-7489", "CVE-2018-19361", "CVE-2016-6306", "CVE-2019-2838", "CVE-2019-2770", "CVE-2019-2785", "CVE-2019-2762", "CVE-2016-2183", "CVE-2019-2799", "CVE-2018-0734", "CVE-2019-2817", "CVE-2018-5407", "CVE-2019-0190", "CVE-2019-2736", "CVE-2016-9878", "CVE-2017-3735", "CVE-2019-2781", "CVE-2019-7317", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-14719", "CVE-2016-3473", "CVE-2019-2599", "CVE-2019-3823", "CVE-2019-6129", "CVE-2019-2764", "CVE-2018-1000121", "CVE-2019-2808", "CVE-2019-2833", "CVE-2019-2749", "CVE-2018-11039", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2845", "CVE-2019-2816", "CVE-2019-2761", "CVE-2019-2850", "CVE-2019-2830", "CVE-2019-2847", "CVE-2018-11307", "CVE-2019-0192", "CVE-2019-0211", "CVE-2018-14720", "CVE-2019-2805", "CVE-2019-2854", "CVE-2019-2782", "CVE-2019-2810", "CVE-2018-18311", "CVE-2019-2748", "CVE-2019-2754", "CVE-2019-2778", "CVE-2019-2852", "CVE-2019-2826", "CVE-2019-2862", "CVE-2019-2789", "CVE-2019-2759", "CVE-2016-0701", "CVE-2019-0232", "CVE-2017-3737", "CVE-2019-2732", "CVE-2019-2745", "CVE-2019-12814", "CVE-2019-2860", "CVE-2019-2737", "CVE-2019-2777", "CVE-2018-12022", "CVE-2019-2877", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2837", "CVE-2019-0199", "CVE-2019-2841", "CVE-2019-2776", "CVE-2018-1000122", "CVE-2019-2730", "CVE-2018-1305", "CVE-2019-2666", "CVE-2019-2763", "CVE-2019-2846", "CVE-2019-2790", "CVE-2019-2848", "CVE-2018-11057", "CVE-2015-0226", "CVE-2018-16890", "CVE-2019-1543", "CVE-2016-8610", "CVE-2019-2733", "CVE-2019-2752", "CVE-2018-1000873", "CVE-2018-11056", "CVE-2018-11775", "CVE-2018-0735", "CVE-2017-5647", "CVE-2019-2829", "CVE-2019-2751", "CVE-2018-1257", "CVE-2017-5715", "CVE-2019-2738", "CVE-2018-14721", "CVE-2019-2803", "CVE-2019-2767", "CVE-2019-2775", "CVE-2019-2727", "CVE-2016-6497", "CVE-2019-2668", "CVE-2018-3111", "CVE-2014-0114", "CVE-2019-2823", "CVE-2018-3315", "CVE-2019-0215", "CVE-2019-2821", "CVE-2019-5597", "CVE-2018-0739", "CVE-2019-2771", "CVE-2019-2843", "CVE-2019-2861", "CVE-2018-8034", "CVE-2018-15769", "CVE-2019-2757", "CVE-2019-2831", "CVE-2019-2865", "CVE-2019-2815", "CVE-2019-2796", "CVE-2018-1000613", "CVE-2016-9572", "CVE-2019-0197", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2018-8013", "CVE-2019-2866", "CVE-2019-2769", "CVE-2019-0196", "CVE-2018-1272", "CVE-2019-2741", "CVE-2017-7525", "CVE-2019-2840", "CVE-2019-2835", "CVE-2019-2783", "CVE-2017-3164", "CVE-2018-1270", "CVE-2019-2809", "CVE-2019-2728", "CVE-2017-5664", "CVE-2019-2772", "CVE-2019-2791", "CVE-2016-5007", "CVE-2019-2875", "CVE-2019-2760", "CVE-2018-19360", "CVE-2018-0733", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2792", "CVE-2019-2774", "CVE-2019-2812", "CVE-2016-8735", "CVE-2019-2836", "CVE-2018-17189", "CVE-2019-2859", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2750", "CVE-2019-0222", "CVE-2019-2779", "CVE-2019-2766", "CVE-2019-2804", "CVE-2019-2871", "CVE-2018-11058", "CVE-2019-2744", "CVE-2019-2725", "CVE-2019-2746", "CVE-2019-2868", "CVE-2019-1559", "CVE-2018-3316", "CVE-2018-17197", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2569", "CVE-2019-2870", "CVE-2019-2873", "CVE-2019-2827", "CVE-2019-2735", "CVE-2017-3736", "CVE-2019-2813", "CVE-2019-2864", "CVE-2019-2828", "CVE-2019-2869", "CVE-2019-2780", "CVE-2019-2834", "CVE-2018-0737", "CVE-2019-2742", "CVE-2019-2844", "CVE-2019-2786", "CVE-2019-2876", "CVE-2019-2822", "CVE-2018-2883", "CVE-2019-2819", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2561", "CVE-2019-2858", "CVE-2019-2755", "CVE-2018-11054", "CVE-2019-2801", "CVE-2016-6814", "CVE-2018-9861", "CVE-2019-2857", "CVE-2016-1000031", "CVE-2018-1000301", "CVE-2019-2874", "CVE-2019-2753", "CVE-2019-2756", "CVE-2018-12023", "CVE-2019-2787", "CVE-2018-8039", "CVE-2019-2773", "CVE-2019-2729", "CVE-2019-2863", "CVE-2019-2832"], "modified": "2019-08-16T00:00:00", "id": "ORACLE:CPUJUL2019-5072835", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
