CVE-2017-3558

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3559

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3561

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3575

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3576

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3587

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

CVE-2017-3563

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3561

CVE-2017-3561 affects Oracle VM VirtualBox Core, with affected versions prior to 5.0.38 and prior to 5.1.20. The flaw is described as easily exploitable by a low-privilege user with logon, potentially enabling takeover of Oracle VM VirtualBox and impacting connected products. Public updates exist...

CVE-2017-3559

CVE-2017-3559 affects the Oracle VM VirtualBox core subcomponent in Oracle Virtualization. Affected versions are prior to 5.0.38 and prior to 5.1.20. It is an easily exploitable, local vulnerability that an attacker with logon privileges can abuse to cause a hang or crash (DoS) and to access or m...

CVE-2017-3538

CVE-2017-3538 affects Oracle VM VirtualBox (Shared Folder subcomponent). The initial description specifies affected versions: prior to 5.0.34 and prior to 5.1.16. The vulnerability can be exploited by a low-privilege user with logon to the host infrastructure, enabling unauthorized creation, dele...

CVE-2017-3587

CVE-2017-3587 refers to a vulnerability in the Shared Folder subcomponent of Oracle VM VirtualBox. Affected product versions are VirtualBox prior to 5.0.38 and prior to 5.1.20. An attacker with low privileges and local logon can exploit this to gain unauthorized creation, deletion or modification...

CVE-2017-3558

CVE-2017-3558 affects Oracle VM VirtualBox (Core) with builds prior to 5.0.38 and 5.1.20. The issue stems from a heap allocator (slirp) and header handling in VirtualBox’ networking code, where an attacker can corrupt a heap header via crafted IP/UDP/TCP input. Due to dropped asserts in release b...

CVE-2017-3513

CVE-2017-3513 affects Oracle VM VirtualBox core; affected are prior to 5.0.38 and prior to 5.1.20. The issue allows a high-privilege attacker with logon to read a subset of VirtualBox data (local access). Several connected advisories confirm fixed updates: openSUSE/OpenSUSE-533/534 reference Virt...

CVE-2017-3576

Summary : CVE-2017-3576 affects the Oracle VM VirtualBox core subcomponent. Affected software: Oracle VM VirtualBox core (Virtualization platform) with vulnerable ranges prior to 5.0.38 and prior to 5.1.20. Root cause/impact : Easily exploitable vulnerability that allows a low-privileged user wit...

CVE-2017-3575

CVE-2017-3575 affects Oracle VM VirtualBox core subcomponent; affected versions are prior to 5.0.38 and prior to 5.1.20. The issue is described as easily exploitable by a high-privilege attacker with logon to the infrastructure running VirtualBox, potentially leading to unauthorized data creation...

CVE-2017-3563

CVE-2017-3563 affects Oracle VM VirtualBox Core in 5.0.x and 5.1.x before 5.0.38/5.1.20. The root cause is a chain-of-trust DLL loading weakness in VirtualBox process hardening, which can be exploited by abusing COM hijacks to load Microsoft-signed DLLs (via hijacked VirtualBoxClient COM object) ...

KLA11027 Multiple vulnerabilities in Oracle VM VirtualBox

Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause a denial of service, read and write accesible data and possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple unspecifie...

KLA11028 A read/write local files vulnerability in Oracle VM Virtual Box

An unspecified vulnerability was found in Oracle VM VirtualBox. By exploiting this vulnerability low priveleged malicious users with logon to the infrastructure, where OracleVM VirtualBox is executed, can write to some of Oracle VM VirtualBox accessible data and read a subset of Oracle VM...

VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Exploi

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualBox is installed to gain code execution in the kernel...

VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Exploit

Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening...