osv | Google | OSV:DLA-268-1
Jul 06, 2015 - 12:00 a.m.

virtualbox-ose - security update

2015-07-06 00:00:00
Google
osv.dev

CVSS2: 7.7 High

  Access Vector: ADJACENT_NETWORK
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.001 Low (Percentile: 39.7%)

Three vulnerabilities have been fixed in the Debian squeeze-lts version of
VirtualBox (package name: virtualbox-ose), an x86 virtualisation solution.

  • CVE-2015-0377
    Prevent local users from affecting availability via unknown vectors
    related to Core, which might result in denial of service. (A
    different issue from CVE-2015-0418.)
  • CVE-2015-0418
    Prevent local users from affecting availability via unknown vectors
    related to Core, which might result in denial of service. (A
    different issue from CVE-2015-0377.)
  • CVE-2015-3456
    The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and
    other virtualization products, allowed local guest users to cause a
    denial of service (out-of-bounds write and guest crash) or possibly
    execute arbitrary code via the (1) FD_CMD_READ_ID, (2)
    FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands,
    aka VENOM.
