427 matches found
CVE-2019-2725
CVE-2019-2725 is an Oracle WebLogic Server vulnerability (Web Services subcomponent) that allows unauthenticated, network-based remote code execution via HTTP. Affected versions include Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0. The root cause is deserialization of untrusted objects in Web...
CVE-2017-5715
CVE-2017-5715 (Spectre Variant 2) describes speculative-execution side-channel issues used to disclose memory. Connected docs show concrete mitigations and impact across vendors: AMD notes that LFENCE/JMP mitigation (V2-2) may be insufficient on some CPUs; AMD recommends standard mitigations (ret...
CVE-2018-5407
CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...
CVE-2015-0235
CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...
CVE-2018-0735
CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2015-3197
OpenSSL CVE-2015-3197 affects the SSLv2 handling in OpenSSL 1.0.1 prior to 1.0.1r and 1.0.2 prior to 1.0.2f, where SSLv2 ciphers marked as disabled could still be negotiated, enabling a MITM through SSLv2 traffic. The issue is tied to the get_client_master_key and get_client_hello paths in ssl/s2...
CVE-2015-8104
CVE-2015-8104 affects the KVM/Hypervisor stack in Linux kernel up to 4.2.6 and Xen up to 4.6.x. The issue arises from handling of Debug (DB) exceptions in svm.c, allowing a guest OS user to trigger many DBs to cause a host denial-of-service (panic/hang). Connected CNA/records also show a link to ...
CVE-2020-2959
CVE-2020-2959 affects Oracle VM VirtualBox (Core) with affected versions prior to 5.2.40, 6.0.20, and 6.1.6. The vulnerability can be exploited remotely by an unauthenticated attacker over the network (via MLD) and may cause a hang or frequent crashes (complete DOS) of VirtualBox. Remediation in ...
CVE-2024-21111
CVE-2024-21111 affects Oracle VM VirtualBox (Core) with affected versions prior to 7.0.16 on Windows hosts. The connected exploit DB entry documents a Privilege Escalation exploit for VirtualBox 7.0.16 on Windows x64, indicating local attacker access can lead to takeover of VirtualBox. Several ad...
CVE-2019-2525
CVE-2019-2525 affects Oracle VM VirtualBox (Core) prior to 5.2.24 and prior to 6.0.2. Description: vulnerability allows a low-privileged user with logon to the host to compromise VirtualBox and potentially access its data. OpenVAS/Tenable disclosures and OpenSUSE advisories confirm this is a secu...
CVE-2015-3195
CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...
CVE-2019-2866
CVE-2019-2866 affects the Oracle VM VirtualBox core component. Affected products/versions: Oracle VM VirtualBox Prior to 5.2.32 and prior to 6.0.10. Root cause: vulnerability in the VirtualBox core subcomponent that can be exploited locally. Impact: a highly privileged attacker with logon to the ...
CVE-2019-2859
CVE-2019-2859 affects Oracle VM VirtualBox Core (VirtualBox) with vulnerable versions prior to 5.2.32 and prior to 6.0.10. The issue allows a low-privilege, local attacker with logon to the host to take over VirtualBox, and attacks may impact additional products. Public details in the provided do...
CVE-2019-2548
CVE-2019-2548 affects Oracle VM VirtualBox Core with vulnerable paths in the OpenGL/HGCM pipeline. The Oracle VirtualBox components for hosts prior to 5.2.24 and 6.0.2 are exploitable when a low-privileged user with logon can trigger an attacker-controlled call chain. Public material in connected...
CVE-2019-2863
CVE-2019-2863 affects the Oracle VM VirtualBox core component. Affected are VirtualBox versions prior to 5.2.32 and prior to 6.0.10. The issue is described as an easily exploitable, local vulnerability that lets a low-privileged attacker with logon to the hosting infrastructure compromise Virtual...
CVE-2019-2873
CVE-2019-2873 affects the Oracle VM VirtualBox core component. Affected: Oracle VirtualBox Core in VirtualBox with versions prior to 5.2.32 and prior to 6.0.10. Description: an easily exploitable, low-privilege local attacker can log on to the infrastructure hosting VirtualBox and cause a partial...
CVE-2019-2877
CVE-2019-2877 affects Oracle VM VirtualBox (subcomponent: Core). Affected versions are prior to 5.2.32 and prior to 6.0.10. The vulnerability allows a low-privileged attacker who has logon to the infrastructure where VirtualBox executes to compromise VirtualBox, potentially causing a hang or a fr...
CVE-2015-5307
CVE-2015-5307 affects the Linux kernel KVM subsystem (through 4.2.6) and Xen (4.3.x–4.6.x). An attacker who has local access in a guest can trigger many #AC exceptions (Alignment Check), potentially causing a host panic/hang. Root cause involves svm.c/vmx.c handling of alignment-related events. P...
CVE-2021-2291
CVE-2021-2291 affects Oracle VM VirtualBox Core prior to 6.1.20. The vulnerability, described as difficult to exploit, allows a low-privileged attacker with logon to the infrastructure where VirtualBox runs to gain unauthorized access to data or full access to VirtualBox data. CVSS 3.1 base score...
CVE-2021-2074
CVE-2021-2074 affects Oracle VM VirtualBox (Core) prior to version 6.1.18. The vulnerability enables a high-privilege attacker who can log on to the host to compromise VirtualBox, with potential impact to related Oracle virtualization products. The CVSS v3.1 base score is 8.2 (Impact: Confidentia...
CVE-2021-2279
CVE-2021-2279 affects Oracle VM VirtualBox (Core) with versions prior to 6.1.20. An unauthenticated attacker with network access via RDP can exploit this vulnerability to take over Oracle VM VirtualBox. The impact concerns confidentiality, integrity, and availability, as described in the CVSS met...
CVE-2021-2264
CVE-2021-2264 affects Oracle VM VirtualBox (Core) prior to 6.1.20. The vulnerability, with CVSS v3.1 base score 8.4 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N), can allow a low-privilege, locally authenticated attacker to compromise VirtualBox and potentially access or modify data. Public sources consi...
CVE-2021-2454
CVE-2021-2454 affects Oracle VM VirtualBox (Core) with versions prior to 6.1.24. The vulnerability enables a low-privileged, local attacker with logon to the host to take over Oracle VM VirtualBox. Impact is described as takeover of VirtualBox, with high severity (CVSS v3.1 base 7.0). Affected pr...
CVE-2015-3196
OpenSSL CVE-2015-3196 affects multi-threaded clients where the PSK identity hint is written to the wrong data structure, allowing a remote server to cause a denial of service via a crafted ServerKeyExchange message (race condition and double free). Affected releases include OpenSSL 1.0.0 before 1...
CVE-2019-2556
CVE-2019-2556 affects Oracle VM VirtualBox (Core) with affected builds prior to 5.2.24 and prior to 6.0.2. The issue is exploitable locally: an attacker who can log on to the host infrastructure can compromise VirtualBox, with potential impact to data confidentiality. Public documents from OpenSU...
CVE-2021-2309
Oracle VM VirtualBox (Core) prior to 6.1.20 is affected by CVE-2021-2309 among other CVEs. The issues enable takeover via high-privilege actions by authenticated users (logon) or network access in some cases, with potential for arbitrary code execution, information disclosure, and filesystem acce...
CVE-2019-2554
CVE-2019-2554 affects Oracle VM VirtualBox (Core). Affected are Oracle VM VirtualBox versions prior to 5.2.24 and prior to 6.0.2. According to the description, a low-privilege attacker who has logon to the infrastructure where VirtualBox runs can compromise VirtualBox, with potential unauthorized...
CVE-2021-2145
CVE-2021-2145 affects Oracle VM VirtualBox Core prior to 6.1.20. The issue enables an attacker with logon to the host infrastructure to compromise VirtualBox, with potential takeover and impact to other products. The trusted sources in connected documents describe multiple CVEs in VirtualBox 6.1....
CVE-2021-2310
CVE-2021-2310 affects Oracle VM VirtualBox (Core) with impact described as takeover of VirtualBox. Affected releases are prior to 6.1.20. The vulnerability is exploitable by a high-privilege attacker who already has logon to the infrastructure where VirtualBox runs; exploitation can compromise th...
CVE-2021-2281
CVE-2021-2281 affects Oracle VM VirtualBox (Core) with affected versions prior to 6.1.20. The vulnerability allows an unauthenticated attacker who can log on to the infrastructure where VirtualBox runs to compromise VirtualBox, potentially leading to unauthorized creation, deletion, or modificati...
CVE-2021-2282
CVE-2021-2282 affects Oracle VM VirtualBox Core, with vulnerable versions before 6.1.20. The issue enables information disclosure or unauthorized data access when an unauthenticated user logs on to the infrastructure where VirtualBox runs. The practical impact is access to critical data or all Vi...
CVE-2020-2951
CVE-2020-2951 affects the Oracle VM VirtualBox core component. Affected products/versions include VirtualBox 5.2.x before 5.2.40, 6.0.x before 6.0.20, and 6.1.x before 6.1.6. The issue allows a low-privilege attacker with local logon to cause a hang or frequent crashes (denial of service) in Virt...
CVE-2021-2266
CVE-2021-2266 affects Oracle VM VirtualBox (Core) with impact of information disclosure. Affected products are VirtualBox released before version 6.1.20; exploitation could allow a high-privilege attacker with logon to the host infrastructure to access sensitive data or, in some entries, take ove...
CVE-2021-2287
Oracle VM VirtualBox CVE-2021-2287 affects the Core component and is tied to versions prior to 6.1.20. The vulnerability enables an unauthenticated attacker with local logon to compromise the VirtualBox instance, potentially leading to unauthorized data access. The issue is documented with a CVSS...
CVE-2021-2312
CVE-2021-2312 concerns Oracle VM VirtualBox (Core) with affected builds prior to 6.1.20 on Windows. The issue allows a high-privilege, local attacker to cause a hang or a frequent crash (partial/complete DOS) of VirtualBox. Public sources consistently tie the flaw to Windows systems and describe ...
CVE-2019-2506
The CVE-2019-2506 issue affects Oracle VM VirtualBox (Core) with affected versions prior to 5.2.24 and prior to 6.0.2. The vulnerability enables a low-privilege attacker with logon access to compromise VirtualBox, potentially leading to unauthorized read access to a subset of VirtualBox data. Mul...
CVE-2020-2958
CVE-2020-2958 affects Oracle VM VirtualBox core. Affected versions are prior to 5.2.40, 6.0.20, and 6.1.6. The issue is described as difficult to exploit but allows a high-privileged attacker with local logon to compromise VirtualBox and potentially takeover it; impact can extend to related produ...
CVE-2019-2721
CVE-2019-2721 affects Oracle VM VirtualBox (core component). Affected versions are before 5.2.28 and before 6.0.6. The vulnerability allows a low-privilege user with logon to compromise VirtualBox and may impact other products; successful attacks can take over VirtualBox. Mitigation in public adv...
CVE-2020-2914
CVE-2020-2914 affects Oracle VM VirtualBox (Core) with vulnerable versions prior to 6.0.20 and prior to 6.1.6. The issue is described as difficult to exploit and requires a low-privileged attacker with local logon to the host running VirtualBox, with potential takeover of the VirtualBox hyperviso...
CVE-2021-2284
The CVE-2021-2284 entry relates to Oracle VM VirtualBox (Core) with impact on versions prior to 6.1.20. The connected documents describe multiple vulnerabilities in VirtualBox Core that allow various attack paths: arbitrary code execution, information disclosure, and filesystem access, potentiall...
CVE-2021-2286
CVE-2021-2286 affects Oracle VM VirtualBox Core with versions prior to 6.1.20. The issue is described as an arbitrary filesystem access vulnerability that could allow an unauthenticated or logged-on attacker to access data or modify data within VirtualBox, depending on context. The exposure is ti...
CVE-2021-2297
CVE-2021-2297 concerns Oracle VM VirtualBox, Core component, with affected versions prior to 6.1.20. The issue allows a high-privileged attacker who can log on to the infrastructure where VirtualBox runs to compromise the VM VirtualBox, potentially leading to unauthorized access to sensitive data...
CVE-2022-21471
CVE-2022-21471 affects Oracle VM VirtualBox (Core) with versions before 6.1.34. The vulnerability can be exploited by a locally logged-on, low-privilege attacker to cause a hang or a frequent crash (DoS) of VirtualBox, with potential impact on additional Oracle products. The issue is repeatedly c...
CVE-2020-14629
CVE-2020-14629 affects Oracle VM VirtualBox (Core). Affected are VirtualBox versions prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. The issue allows a high-privilege attacker with local logon to compromise VirtualBox, potentially leading to unauthorized access to data across VirtualBox-ava...
CVE-2020-14675
CVE-2020-14675 affects Oracle VM VirtualBox (Core). Affected: VirtualBox versions prior to 5.2.44, prior to 6.0.24, and prior to 6.1.12. Root cause is described in public advisories as a vulnerability that could allow a high-privilege attacker with local logon to compromise the VirtualBox instanc...
CVE-2020-2910
CVE-2020-2910 affects Oracle VM VirtualBox (Core) with affected versions prior to 6.0.20 and prior to 6.1.6. The vulnerability allows a low-privileged user with logon to the host running VirtualBox to compromise the VirtualBox component, potentially leading to unauthorized creation, deletion or m...
CVE-2018-3309
CVE-2018-3309 affects Oracle VM VirtualBox (Core) prior to 5.2.22. The vulnerability allows a high-privilege, local attacker with logon to compromise VirtualBox, with potential impact on additional products and full takeover of VirtualBox. Public advisories indicate update to VirtualBox 5.2.24 (a...
CVE-2019-2446
CVE-2019-2446 affects Oracle VM VirtualBox (Core) with vulnerable OpenGL/guest-VM handling prior to 5.2.24 and prior to 6.0.2. Exploitation could allow a low-privileged user with logon to the host infrastructure to access or compromise data within VirtualBox. Public advisories from OpenSUSE/Magei...
CVE-2020-2907
CVE-2020-2907 affects the Core of Oracle VM VirtualBox. Affected are VirtualBox versions prior to 5.2.40, 6.0.20, and 6.1.6. The vulnerability is described as difficult to exploit but allows a high-privileged attacker with local access to compromise VirtualBox, potentially impacting other product...