Lucene search
K
OracleVm Virtualbox

427 matches found

CVE
CVE
added 2019/04/26 6:21 p.m.1910 views

CVE-2019-2725

CVE-2019-2725 is an Oracle WebLogic Server vulnerability (Web Services subcomponent) that allows unauthenticated, network-based remote code execution via HTTP. Affected versions include Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0. The root cause is deserialization of untrusted objects in Web...

9.8CVSS9.5AI score0.99964EPSS
In wild
CVE
CVE
added 2018/01/04 1:0 p.m.1425 views

CVE-2017-5715

CVE-2017-5715 (Spectre Variant 2) describes speculative-execution side-channel issues used to disclose memory. Connected docs show concrete mitigations and impact across vendors: AMD notes that LFENCE/JMP mitigation (V2-2) may be insufficient on some CPUs; AMD recommends standard mitigations (ret...

5.6CVSS6.2AI score0.74041EPSS
CVE
CVE
added 2018/11/15 9:0 p.m.673 views

CVE-2018-5407

CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...

4.7CVSS5.6AI score0.03418EPSS
CVE
CVE
added 2015/01/28 7:0 p.m.597 views

CVE-2015-0235

CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...

10CVSS7.7AI score0.94859EPSS
In wild
CVE
CVE
added 2018/10/29 1:0 p.m.569 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

5.9CVSS5.7AI score0.04763EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.296 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2016/02/15 12:0 a.m.264 views

CVE-2015-3197

OpenSSL CVE-2015-3197 affects the SSLv2 handling in OpenSSL 1.0.1 prior to 1.0.1r and 1.0.2 prior to 1.0.2f, where SSLv2 ciphers marked as disabled could still be negotiated, enabling a MITM through SSLv2 traffic. The issue is tied to the get_client_master_key and get_client_hello paths in ssl/s2...

5.9CVSS6.4AI score0.10731EPSS
CVE
CVE
added 2015/11/16 12:0 a.m.260 views

CVE-2015-8104

CVE-2015-8104 affects the KVM/Hypervisor stack in Linux kernel up to 4.2.6 and Xen up to 4.6.x. The issue arises from handling of Debug (DB) exceptions in svm.c, allowing a guest OS user to trigger many DBs to cause a host denial-of-service (panic/hang). Connected CNA/records also show a link to ...

10CVSS5.3AI score0.02501EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.239 views

CVE-2020-2959

CVE-2020-2959 affects Oracle VM VirtualBox (Core) with affected versions prior to 5.2.40, 6.0.20, and 6.1.6. The vulnerability can be exploited remotely by an unauthenticated attacker over the network (via MLD) and may cause a hang or frequent crashes (complete DOS) of VirtualBox. Remediation in ...

8.6CVSS7.9AI score0.0262EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.232 views

CVE-2024-21111

CVE-2024-21111 affects Oracle VM VirtualBox (Core) with affected versions prior to 7.0.16 on Windows hosts. The connected exploit DB entry documents a Privilege Escalation exploit for VirtualBox 7.0.16 on Windows x64, indicating local attacker access can lead to takeover of VirtualBox. Several ad...

7.8CVSS7.6AI score0.0178EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.229 views

CVE-2019-2525

CVE-2019-2525 affects Oracle VM VirtualBox (Core) prior to 5.2.24 and prior to 6.0.2. Description: vulnerability allows a low-privileged user with logon to the host to compromise VirtualBox and potentially access its data. OpenVAS/Tenable disclosures and OpenSUSE advisories confirm this is a secu...

5.6CVSS5.7AI score0.01124EPSS
CVE
CVE
added 2015/12/06 12:0 a.m.227 views

CVE-2015-3195

CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...

5.3CVSS6.3AI score0.38709EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.203 views

CVE-2019-2866

CVE-2019-2866 affects the Oracle VM VirtualBox core component. Affected products/versions: Oracle VM VirtualBox Prior to 5.2.32 and prior to 6.0.10. Root cause: vulnerability in the VirtualBox core subcomponent that can be exploited locally. Impact: a highly privileged attacker with logon to the ...

8.2CVSS8.2AI score0.00471EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.201 views

CVE-2019-2859

CVE-2019-2859 affects Oracle VM VirtualBox Core (VirtualBox) with vulnerable versions prior to 5.2.32 and prior to 6.0.10. The issue allows a low-privilege, local attacker with logon to the host to take over VirtualBox, and attacks may impact additional products. Public details in the provided do...

8.8CVSS8.5AI score0.00466EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.192 views

CVE-2019-2548

CVE-2019-2548 affects Oracle VM VirtualBox Core with vulnerable paths in the OpenGL/HGCM pipeline. The Oracle VirtualBox components for hosts prior to 5.2.24 and 6.0.2 are exploitable when a low-privileged user with logon can trigger an attacker-controlled call chain. Public material in connected...

7.8CVSS6.3AI score0.00799EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.187 views

CVE-2019-2863

CVE-2019-2863 affects the Oracle VM VirtualBox core component. Affected are VirtualBox versions prior to 5.2.32 and prior to 6.0.10. The issue is described as an easily exploitable, local vulnerability that lets a low-privileged attacker with logon to the hosting infrastructure compromise Virtual...

6.5CVSS6.7AI score0.00463EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.187 views

CVE-2019-2873

CVE-2019-2873 affects the Oracle VM VirtualBox core component. Affected: Oracle VirtualBox Core in VirtualBox with versions prior to 5.2.32 and prior to 6.0.10. Description: an easily exploitable, low-privilege local attacker can log on to the infrastructure hosting VirtualBox and cause a partial...

3.3CVSS4.2AI score0.00458EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.187 views

CVE-2019-2877

CVE-2019-2877 affects Oracle VM VirtualBox (subcomponent: Core). Affected versions are prior to 5.2.32 and prior to 6.0.10. The vulnerability allows a low-privileged attacker who has logon to the infrastructure where VirtualBox executes to compromise VirtualBox, potentially causing a hang or a fr...

5.5CVSS5.8AI score0.00462EPSS
CVE
CVE
added 2015/11/16 11:0 a.m.182 views

CVE-2015-5307

CVE-2015-5307 affects the Linux kernel KVM subsystem (through 4.2.6) and Xen (4.3.x–4.6.x). An attacker who has local access in a guest can trigger many #AC exceptions (Alignment Check), potentially causing a host panic/hang. Root cause involves svm.c/vmx.c handling of alignment-related events. P...

4.9CVSS6.1AI score0.00566EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.180 views

CVE-2021-2291

CVE-2021-2291 affects Oracle VM VirtualBox Core prior to 6.1.20. The vulnerability, described as difficult to exploit, allows a low-privileged attacker with logon to the infrastructure where VirtualBox runs to gain unauthorized access to data or full access to VirtualBox data. CVSS 3.1 base score...

4.7CVSS5.1AI score0.00763EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.179 views

CVE-2021-2074

CVE-2021-2074 affects Oracle VM VirtualBox (Core) prior to version 6.1.18. The vulnerability enables a high-privilege attacker who can log on to the host to compromise VirtualBox, with potential impact to related Oracle virtualization products. The CVSS v3.1 base score is 8.2 (Impact: Confidentia...

8.2CVSS8AI score0.00493EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.179 views

CVE-2021-2279

CVE-2021-2279 affects Oracle VM VirtualBox (Core) with versions prior to 6.1.20. An unauthenticated attacker with network access via RDP can exploit this vulnerability to take over Oracle VM VirtualBox. The impact concerns confidentiality, integrity, and availability, as described in the CVSS met...

8.1CVSS7.9AI score0.0331EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.174 views

CVE-2021-2264

CVE-2021-2264 affects Oracle VM VirtualBox (Core) prior to 6.1.20. The vulnerability, with CVSS v3.1 base score 8.4 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N), can allow a low-privilege, locally authenticated attacker to compromise VirtualBox and potentially access or modify data. Public sources consi...

8.4CVSS8.1AI score0.00708EPSS
CVE
CVE
added 2021/07/20 10:45 p.m.174 views

CVE-2021-2454

CVE-2021-2454 affects Oracle VM VirtualBox (Core) with versions prior to 6.1.24. The vulnerability enables a low-privileged, local attacker with logon to the host to take over Oracle VM VirtualBox. Impact is described as takeover of VirtualBox, with high severity (CVSS v3.1 base 7.0). Affected pr...

7CVSS7.1AI score0.00374EPSS
CVE
CVE
added 2015/12/06 12:0 a.m.173 views

CVE-2015-3196

OpenSSL CVE-2015-3196 affects multi-threaded clients where the PSK identity hint is written to the wrong data structure, allowing a remote server to cause a denial of service via a crafted ServerKeyExchange message (race condition and double free). Affected releases include OpenSSL 1.0.0 before 1...

4.3CVSS6.2AI score0.12814EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.172 views

CVE-2019-2556

CVE-2019-2556 affects Oracle VM VirtualBox (Core) with affected builds prior to 5.2.24 and prior to 6.0.2. The issue is exploitable locally: an attacker who can log on to the host infrastructure can compromise VirtualBox, with potential impact to data confidentiality. Public documents from OpenSU...

6.5CVSS6.4AI score0.00503EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.172 views

CVE-2021-2309

Oracle VM VirtualBox (Core) prior to 6.1.20 is affected by CVE-2021-2309 among other CVEs. The issues enable takeover via high-privilege actions by authenticated users (logon) or network access in some cases, with potential for arbitrary code execution, information disclosure, and filesystem acce...

7.5CVSS7.6AI score0.0058EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.171 views

CVE-2019-2554

CVE-2019-2554 affects Oracle VM VirtualBox (Core). Affected are Oracle VM VirtualBox versions prior to 5.2.24 and prior to 6.0.2. According to the description, a low-privilege attacker who has logon to the infrastructure where VirtualBox runs can compromise VirtualBox, with potential unauthorized...

6.5CVSS6.4AI score0.00503EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.171 views

CVE-2021-2145

CVE-2021-2145 affects Oracle VM VirtualBox Core prior to 6.1.20. The issue enables an attacker with logon to the host infrastructure to compromise VirtualBox, with potential takeover and impact to other products. The trusted sources in connected documents describe multiple CVEs in VirtualBox 6.1....

7.5CVSS7.8AI score0.00791EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.171 views

CVE-2021-2310

CVE-2021-2310 affects Oracle VM VirtualBox (Core) with impact described as takeover of VirtualBox. Affected releases are prior to 6.1.20. The vulnerability is exploitable by a high-privilege attacker who already has logon to the infrastructure where VirtualBox runs; exploitation can compromise th...

7.5CVSS7.8AI score0.00645EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.170 views

CVE-2021-2281

CVE-2021-2281 affects Oracle VM VirtualBox (Core) with affected versions prior to 6.1.20. The vulnerability allows an unauthenticated attacker who can log on to the infrastructure where VirtualBox runs to compromise VirtualBox, potentially leading to unauthorized creation, deletion, or modificati...

7.1CVSS7AI score0.00337EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.170 views

CVE-2021-2282

CVE-2021-2282 affects Oracle VM VirtualBox Core, with vulnerable versions before 6.1.20. The issue enables information disclosure or unauthorized data access when an unauthenticated user logs on to the infrastructure where VirtualBox runs. The practical impact is access to critical data or all Vi...

7.1CVSS7.1AI score0.00373EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.168 views

CVE-2020-2951

CVE-2020-2951 affects the Oracle VM VirtualBox core component. Affected products/versions include VirtualBox 5.2.x before 5.2.40, 6.0.x before 6.0.20, and 6.1.x before 6.1.6. The issue allows a low-privilege attacker with local logon to cause a hang or frequent crashes (denial of service) in Virt...

6.5CVSS6.9AI score0.00364EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.168 views

CVE-2021-2266

CVE-2021-2266 affects Oracle VM VirtualBox (Core) with impact of information disclosure. Affected products are VirtualBox released before version 6.1.20; exploitation could allow a high-privilege attacker with logon to the host infrastructure to access sensitive data or, in some entries, take ove...

6CVSS6.1AI score0.00356EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.168 views

CVE-2021-2287

Oracle VM VirtualBox CVE-2021-2287 affects the Core component and is tied to versions prior to 6.1.20. The vulnerability enables an unauthenticated attacker with local logon to compromise the VirtualBox instance, potentially leading to unauthorized data access. The issue is documented with a CVSS...

7.1CVSS7.1AI score0.00373EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.167 views

CVE-2021-2312

CVE-2021-2312 concerns Oracle VM VirtualBox (Core) with affected builds prior to 6.1.20 on Windows. The issue allows a high-privilege, local attacker to cause a hang or a frequent crash (partial/complete DOS) of VirtualBox. Public sources consistently tie the flaw to Windows systems and describe ...

4.4CVSS4.9AI score0.00326EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.166 views

CVE-2019-2506

The CVE-2019-2506 issue affects Oracle VM VirtualBox (Core) with affected versions prior to 5.2.24 and prior to 6.0.2. The vulnerability enables a low-privilege attacker with logon access to compromise VirtualBox, potentially leading to unauthorized read access to a subset of VirtualBox data. Mul...

3.8CVSS3.9AI score0.00502EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.166 views

CVE-2020-2958

CVE-2020-2958 affects Oracle VM VirtualBox core. Affected versions are prior to 5.2.40, 6.0.20, and 6.1.6. The issue is described as difficult to exploit but allows a high-privileged attacker with local logon to compromise VirtualBox and potentially takeover it; impact can extend to related produ...

7.5CVSS7.8AI score0.00379EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.165 views

CVE-2019-2721

CVE-2019-2721 affects Oracle VM VirtualBox (core component). Affected versions are before 5.2.28 and before 6.0.6. The vulnerability allows a low-privilege user with logon to compromise VirtualBox and may impact other products; successful attacks can take over VirtualBox. Mitigation in public adv...

8.8CVSS8.5AI score0.02231EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.165 views

CVE-2020-2914

CVE-2020-2914 affects Oracle VM VirtualBox (Core) with vulnerable versions prior to 6.0.20 and prior to 6.1.6. The issue is described as difficult to exploit and requires a low-privileged attacker with local logon to the host running VirtualBox, with potential takeover of the VirtualBox hyperviso...

7CVSS7.2AI score0.00385EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.165 views

CVE-2021-2284

The CVE-2021-2284 entry relates to Oracle VM VirtualBox (Core) with impact on versions prior to 6.1.20. The connected documents describe multiple vulnerabilities in VirtualBox Core that allow various attack paths: arbitrary code execution, information disclosure, and filesystem access, potentiall...

7.1CVSS7AI score0.00337EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.165 views

CVE-2021-2286

CVE-2021-2286 affects Oracle VM VirtualBox Core with versions prior to 6.1.20. The issue is described as an arbitrary filesystem access vulnerability that could allow an unauthenticated or logged-on attacker to access data or modify data within VirtualBox, depending on context. The exposure is ti...

7.1CVSS7AI score0.00342EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.165 views

CVE-2021-2297

CVE-2021-2297 concerns Oracle VM VirtualBox, Core component, with affected versions prior to 6.1.20. The issue allows a high-privileged attacker who can log on to the infrastructure where VirtualBox runs to compromise the VM VirtualBox, potentially leading to unauthorized access to sensitive data...

5.3CVSS5.5AI score0.00687EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.165 views

CVE-2022-21471

CVE-2022-21471 affects Oracle VM VirtualBox (Core) with versions before 6.1.34. The vulnerability can be exploited by a locally logged-on, low-privilege attacker to cause a hang or a frequent crash (DoS) of VirtualBox, with potential impact on additional Oracle products. The issue is repeatedly c...

6.5CVSS6.6AI score0.00374EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.164 views

CVE-2020-14629

CVE-2020-14629 affects Oracle VM VirtualBox (Core). Affected are VirtualBox versions prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. The issue allows a high-privilege attacker with local logon to compromise VirtualBox, potentially leading to unauthorized access to data across VirtualBox-ava...

6CVSS6AI score0.00553EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.164 views

CVE-2020-14675

CVE-2020-14675 affects Oracle VM VirtualBox (Core). Affected: VirtualBox versions prior to 5.2.44, prior to 6.0.24, and prior to 6.1.12. Root cause is described in public advisories as a vulnerability that could allow a high-privilege attacker with local logon to compromise the VirtualBox instanc...

7.5CVSS7.5AI score0.00411EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.164 views

CVE-2020-2910

CVE-2020-2910 affects Oracle VM VirtualBox (Core) with affected versions prior to 6.0.20 and prior to 6.1.6. The vulnerability allows a low-privileged user with logon to the host running VirtualBox to compromise the VirtualBox component, potentially leading to unauthorized creation, deletion or m...

6.5CVSS6.7AI score0.00368EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.162 views

CVE-2018-3309

CVE-2018-3309 affects Oracle VM VirtualBox (Core) prior to 5.2.22. The vulnerability allows a high-privilege, local attacker with logon to compromise VirtualBox, with potential impact on additional products and full takeover of VirtualBox. Public advisories indicate update to VirtualBox 5.2.24 (a...

8.2CVSS6.6AI score0.00509EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.162 views

CVE-2019-2446

CVE-2019-2446 affects Oracle VM VirtualBox (Core) with vulnerable OpenGL/guest-VM handling prior to 5.2.24 and prior to 6.0.2. Exploitation could allow a low-privileged user with logon to the host infrastructure to access or compromise data within VirtualBox. Public advisories from OpenSUSE/Magei...

5.5CVSS5.8AI score0.00518EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.162 views

CVE-2020-2907

CVE-2020-2907 affects the Core of Oracle VM VirtualBox. Affected are VirtualBox versions prior to 5.2.40, 6.0.20, and 6.1.6. The vulnerability is described as difficult to exploit but allows a high-privileged attacker with local access to compromise VirtualBox, potentially impacting other product...

7.5CVSS7.8AI score0.00567EPSS
Total number of security vulnerabilities427