{"nessus": [{"lastseen": "2021-01-17T11:07:38", "description": "The remote host is affected by the vulnerability described in GLSA-202101-09\n(VirtualBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VirtualBox. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could take control of VirtualBox resulting in the execution\n of arbitrary code with the privileges of the process, a Denial of Service\n condition, or other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 2, "cvss3": {"score": 6.0, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "published": "2021-01-13T00:00:00", "title": "GLSA-202101-09 : VirtualBox: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2984", "CVE-2020-14674", "CVE-2020-2674", "CVE-2019-2867", "CVE-2020-2678", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-2911", "CVE-2020-2691", "CVE-2020-2705", "CVE-2020-2951", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-2742", "CVE-2020-14713", "CVE-2020-2575", "CVE-2019-2926", "CVE-2019-3026", "CVE-2020-14673", "CVE-2020-2909", "CVE-2020-2693", "CVE-2019-2850", "CVE-2020-14647", "CVE-2019-2944", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-2758", "CVE-2020-14646", "CVE-2019-3002", "CVE-2020-2913", "CVE-2020-14648", "CVE-2020-2692", "CVE-2019-2877", "CVE-2020-2698", "CVE-2020-2704", "CVE-2020-2743", "CVE-2019-3031", "CVE-2019-2848", "CVE-2020-2725", "CVE-2020-2929", "CVE-2020-14698", "CVE-2019-3005", "CVE-2020-2908", "CVE-2020-14712", "CVE-2019-3021", "CVE-2020-2748", "CVE-2020-14700", "CVE-2019-2865", "CVE-2020-2959", "CVE-2020-14707", "CVE-2019-2866", "CVE-2020-2682", "CVE-2020-2689", "CVE-2020-2905", "CVE-2020-2910", "CVE-2020-2681", "CVE-2020-2727", "CVE-2019-2875", "CVE-2020-2726", "CVE-2020-14715", "CVE-2020-14650", "CVE-2019-2859", "CVE-2020-2703", "CVE-2020-14695", "CVE-2020-2741", "CVE-2020-14675", 
"CVE-2020-2690", "CVE-2020-2902", "CVE-2020-2907", "CVE-2020-2914", "CVE-2019-2873", "CVE-2019-2864", "CVE-2019-3028", "CVE-2020-2702", "CVE-2020-14649", "CVE-2019-2876", "CVE-2020-14676", "CVE-2020-2894", "CVE-2020-14699", "CVE-2020-14704", "CVE-2019-2874", "CVE-2019-3017", "CVE-2020-2701", "CVE-2020-2958", "CVE-2019-2863"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:virtualbox"], "id": "GENTOO_GLSA-202101-09.NASL", "href": "https://www.tenable.com/plugins/nessus/144923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-09.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144923);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2019-2848\", \"CVE-2019-2850\", \"CVE-2019-2859\", \"CVE-2019-2863\", \"CVE-2019-2864\", \"CVE-2019-2865\", \"CVE-2019-2866\", \"CVE-2019-2867\", \"CVE-2019-2873\", \"CVE-2019-2874\", \"CVE-2019-2875\", \"CVE-2019-2876\", \"CVE-2019-2877\", \"CVE-2019-2926\", \"CVE-2019-2944\", \"CVE-2019-2984\", \"CVE-2019-3002\", \"CVE-2019-3005\", \"CVE-2019-3017\", \"CVE-2019-3021\", \"CVE-2019-3026\", \"CVE-2019-3028\", \"CVE-2019-3031\", \"CVE-2020-14628\", \"CVE-2020-14629\", \"CVE-2020-14646\", \"CVE-2020-14647\", \"CVE-2020-14648\", \"CVE-2020-14649\", \"CVE-2020-14650\", \"CVE-2020-14673\", \"CVE-2020-14674\", \"CVE-2020-14675\", \"CVE-2020-14676\", \"CVE-2020-14677\", \"CVE-2020-14694\", \"CVE-2020-14695\", \"CVE-2020-14698\", \"CVE-2020-14699\", \"CVE-2020-14700\", \"CVE-2020-14703\", \"CVE-2020-14704\", \"CVE-2020-14707\", \"CVE-2020-14711\", 
\"CVE-2020-14712\", \"CVE-2020-14713\", \"CVE-2020-14714\", \"CVE-2020-14715\", \"CVE-2020-2575\", \"CVE-2020-2674\", \"CVE-2020-2678\", \"CVE-2020-2681\", \"CVE-2020-2682\", \"CVE-2020-2689\", \"CVE-2020-2690\", \"CVE-2020-2691\", \"CVE-2020-2692\", \"CVE-2020-2693\", \"CVE-2020-2698\", \"CVE-2020-2701\", \"CVE-2020-2702\", \"CVE-2020-2703\", \"CVE-2020-2704\", \"CVE-2020-2705\", \"CVE-2020-2725\", \"CVE-2020-2726\", \"CVE-2020-2727\", \"CVE-2020-2741\", \"CVE-2020-2742\", \"CVE-2020-2743\", \"CVE-2020-2748\", \"CVE-2020-2758\", \"CVE-2020-2894\", \"CVE-2020-2902\", \"CVE-2020-2905\", \"CVE-2020-2907\", \"CVE-2020-2908\", \"CVE-2020-2909\", \"CVE-2020-2910\", \"CVE-2020-2911\", \"CVE-2020-2913\", \"CVE-2020-2914\", \"CVE-2020-2929\", \"CVE-2020-2951\", \"CVE-2020-2958\", \"CVE-2020-2959\");\n script_xref(name:\"GLSA\", value:\"202101-09\");\n\n script_name(english:\"GLSA-202101-09 : VirtualBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-09\n(VirtualBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VirtualBox. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could take control of VirtualBox resulting in the execution\n of arbitrary code with the privileges of the process, a Denial of Service\n condition, or other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-09\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Virtualbox 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/virtualbox-6.0.24:0/6.0'\n All Virtualbox 6.1.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/virtualbox-6.1.12:0/6.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/virtualbox\", unaffected:make_list(\"ge 6.1.12\", \"ge 6.0.24\"), vulnerable:make_list(\"lt 6.1.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VirtualBox\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-09-29T08:34:42", "description": "This update for virtualbox fixes the following issues :\n\nVersion Bump to 6.0.24 (released July 14 2020 by Oracle)\n\nThis is a maintenance release. 
The following items were fixed and/or\nadded :\n\n - API: Fix unintentionally enabled audio due to a settings\n file version dependent bug\n\n - VBoxManage: Fix crash of 'VBoxManage internalcommands\n repairhd' when processing invalid input (bug #19579)\n\n - Guest Additions: Fix issues detecting guest additions\n ISO at runtime\n\n - Fixes CVE-2020-14628,	CVE-2020-14646, CVE-2020-14647,\n CVE-2020-14649,	CVE-2020-14713, CVE-2020-14674,\n 	CVE-2020-14675, CVE-2020-14676, CVE-2020-14677,\n CVE-2020-14699, CVE-2020-14711, CVE-2020-14629, 	\n 	CVE-2020-14703, CVE-2020-14704, CVE-2020-14648,\n CVE-2020-14650, CVE-2020-14673, CVE-2020-14694, 	\n 	CVE-2020-14695, CVE-2020-14698, CVE-2020-14700,\n CVE-2020-14712, CVE-2020-14707, CVE-2020-14714,\n 	CVE-2020-14715 boo#1174159", "edition": 2, "cvss3": {"score": 6.0, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-09-24T00:00:00", "title": "openSUSE Security Update : virtualbox (openSUSE-2020-1511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "modified": "2020-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-kmp-default-debuginfo", 
"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:python3-virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"], "id": "OPENSUSE-2020-1511.NASL", "href": "https://www.tenable.com/plugins/nessus/140764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1511.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140764);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/28\");\n\n script_cve_id(\"CVE-2020-14628\", \"CVE-2020-14629\", \"CVE-2020-14646\", \"CVE-2020-14647\", \"CVE-2020-14648\", \"CVE-2020-14649\", \"CVE-2020-14650\", \"CVE-2020-14673\", \"CVE-2020-14674\", \"CVE-2020-14675\", \"CVE-2020-14676\", \"CVE-2020-14677\", \"CVE-2020-14694\", \"CVE-2020-14695\", \"CVE-2020-14698\", \"CVE-2020-14699\", \"CVE-2020-14700\", \"CVE-2020-14703\", \"CVE-2020-14704\", \"CVE-2020-14707\", \"CVE-2020-14711\", \"CVE-2020-14712\", \"CVE-2020-14713\", \"CVE-2020-14714\", \"CVE-2020-14715\");\n\n script_name(english:\"openSUSE Security Update : virtualbox (openSUSE-2020-1511)\");\n script_summary(english:\"Check for the openSUSE-2020-1511 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for 
virtualbox fixes the following issues :\n\nVersion Bump to 6.0.24 (released July 14 2020 by Oracle)\n\nThis is a maintenance release. The following items were fixed and/or\nadded :\n\n - API: Fix unintentionally enabled audio due to a settings\n file version dependent bug\n\n - VBoxManage: Fix crash of 'VBoxManage internalcommands\n repairhd' when processing invalid input (bug #19579)\n\n - Guest Additions: Fix issues detecting guest additions\n ISO at runtime\n\n - Fixes CVE-2020-14628,	CVE-2020-14646, CVE-2020-14647,\n CVE-2020-14649,	CVE-2020-14713, CVE-2020-14674,\n 	CVE-2020-14675, CVE-2020-14676, CVE-2020-14677,\n CVE-2020-14699, CVE-2020-14711, CVE-2020-14629, 	\n 	CVE-2020-14703, CVE-2020-14704, CVE-2020-14648,\n CVE-2020-14650, CVE-2020-14673, CVE-2020-14694, 	\n 	CVE-2020-14695, CVE-2020-14698, CVE-2020-14700,\n CVE-2020-14712, CVE-2020-14707, CVE-2020-14714,\n 	CVE-2020-14715 boo#1174159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174159\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-virtualbox-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-virtualbox-debuginfo-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-debuginfo-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-debugsource-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-devel-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-desktop-icons-6.0.24-lp151.2.18.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-source-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-tools-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-tools-debuginfo-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-x11-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-guest-x11-debuginfo-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-host-source-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-kmp-default-6.0.24_k4.12.14_lp151.28.67-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-kmp-default-debuginfo-6.0.24_k4.12.14_lp151.28.67-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-qt-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-qt-debuginfo-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-vnc-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-websrv-6.0.24-lp151.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virtualbox-websrv-debuginfo-6.0.24-lp151.2.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-09-24T09:27:16", "description": "This update for virtualbox fixes the following issues :\n\nUpdate to Oracle version 6.1.14a.\n\nThis 
minor update enables the building of libvirt again.\n\nVersion update to 6.1.14 (released September 04 2020 by Oracle)\n\nFile 'fix_virtio_build.patch' is added to fix a build problem. This is\na maintenance release. The following items were fixed and/or added:\nGUI: Fixes file name changes in the File location field when creating\nVirtual Hard Disk (bug #19286) VMM: Fixed running VMs which failed to\nstart with VERR_NEM_MISSING_KERNEL_API_2 when Hyper-V is used (bug\n#19779 and #19804) Audio: fix regression in HDA emulation introduced\nin 6.1.0 Shared Clipboard: Fixed a potential crash when copying HTML\ndata (6.1.2 regression; bug #19226) Linux host and guest: Linux kernel\nversion 5.8 support EFI: Fixed reading ISO9660 filesystems on attached\nmedia (6.1.0 regression; bug #19682) EFI: Support booting from drives\nattached to the LsiLogic SCSI and SAS controller emulations\n\nPseudo version bump to 6.1.13, which is NOT an Oracle release.\n\nUpdate VB sources to run under kernel 5.8.0+ with no modifications to\nthe kernel. These sources are derived from r85883 of the Oracle svn\nrepository. For operations with USB(2,3), the extension pack for\nrevision 140056 must be installed. Once Oracle releases 6.1.14, then\nthe extension pack and VB itself will have the same revision number.\nFile 'fixes_for_5.8.patch' is removed as that part was fixed upstream.\nFixes boo#1175201.\n\nApply Oracle changes for kernel 5.8.\n\nVersion bump to 6.1.12 (released July 14 2020 by Oracle)\n\nThis is a maintenance release. The following items were fixed and/or\nadded: File 'turn_off_cloud_net.patch' added. 
Fixes for\nCVE-2020-14628, CVE-2020-14646, CVE-2020-14647, CVE-2020-14649 	\n	 CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676\n	 	 CVE-2020-14677, CVE-2020-14699, CVE-2020-14711,\nCVE-2020-14629 	 CVE-2020-14703, CVE-2020-14704, CVE-2020-14648,\nCVE-2020-14650 	 CVE-2020-14673, CVE-2020-14694, CVE-2020-14695,\nCVE-2020-14698 		 CVE-2020-14700, CVE-2020-14712,\nCVE-2020-14707, CVE-2020-14714	 CVE-2020-14715 boo#1174159. UI:\nFixes for Log-Viewer search-backward icon Devices: Fixes and\nimprovements for the BusLogic SCSI controller emulation Serial Port:\nRegression fixes in FIFO data handling Oracle Cloud Infrastructure\nintegration: Experimental new type of network attachment, allowing\nlocal VM to act as if it was run in cloud API: improved resource\nmanagement in the guest control functionality VBoxManage: fixed\ncommand option parsing for the 'snapshot edit' sub-command VBoxManage:\nFix crash of 'VBoxManage internalcommands repairhd' when processing\ninvalid input (bug #19579) Guest Additions, 3D: New experimental GLX\ngraphics output Guest Additions, 3D: Fixed releasing texture objects,\nwhich could cause guest crashes Guest Additions: Fixed writes to a\nfile on a shared folder not being reflected on the host when the file\nis mmap'ed and the used Linux kernel is between version 4.10.0 and\n4.11.x Guest Additions: Fixed the shared folder driver on 32bit\nWindows 8 and newer returning an error when flushing writes to a file\nwhich is mapped into memory under rare circumstances Guest Additions:\nImprove resize coverage for VMSVGA graphics controller Guest\nAdditions: Fix issues detecting guest additions ISO at runtime Guest\nAdditions: Fixed German translation encoding for Windows GA installer", "edition": 2, "cvss3": {"score": 6.0, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-09-21T00:00:00", "title": "openSUSE Security Update : virtualbox (openSUSE-2020-1486)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": 
["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "modified": "2020-09-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-kmp-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-kmp-preempt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-kmp-preempt", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:python3-virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"], "id": "OPENSUSE-2020-1486.NASL", "href": "https://www.tenable.com/plugins/nessus/140692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1486.\n#\n# The 
text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140692);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2020-14628\", \"CVE-2020-14629\", \"CVE-2020-14646\", \"CVE-2020-14647\", \"CVE-2020-14648\", \"CVE-2020-14649\", \"CVE-2020-14650\", \"CVE-2020-14673\", \"CVE-2020-14674\", \"CVE-2020-14675\", \"CVE-2020-14676\", \"CVE-2020-14677\", \"CVE-2020-14694\", \"CVE-2020-14695\", \"CVE-2020-14698\", \"CVE-2020-14699\", \"CVE-2020-14700\", \"CVE-2020-14703\", \"CVE-2020-14704\", \"CVE-2020-14707\", \"CVE-2020-14711\", \"CVE-2020-14712\", \"CVE-2020-14713\", \"CVE-2020-14714\", \"CVE-2020-14715\");\n\n script_name(english:\"openSUSE Security Update : virtualbox (openSUSE-2020-1486)\");\n script_summary(english:\"Check for the openSUSE-2020-1486 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for virtualbox fixes the following issues :\n\nUpdate to Oracle version 6.1.14a.\n\nThis minor update enables the building of libvirt again.\n\nVersion update to 6.1.14 (released September 04 2020 by Oracle)\n\nFile 'fix_virtio_build.patch' is added to fix a build problem. This is\na maintenance release. 
The following items were fixed and/or added:\nGUI: Fixes file name changes in the File location field when creating\nVirtual Hard Disk (bug #19286) VMM: Fixed running VMs which failed to\nstart with VERR_NEM_MISSING_KERNEL_API_2 when Hyper-V is used (bug\n#19779 and #19804) Audio: fix regression in HDA emulation introduced\nin 6.1.0 Shared Clipboard: Fixed a potential crash when copying HTML\ndata (6.1.2 regression; bug #19226) Linux host and guest: Linux kernel\nversion 5.8 support EFI: Fixed reading ISO9660 filesystems on attached\nmedia (6.1.0 regression; bug #19682) EFI: Support booting from drives\nattached to the LsiLogic SCSI and SAS controller emulations\n\nPseudo version bump to 6.1.13, which is NOT an Oracle release.\n\nUpdate VB sources to run under kernel 5.8.0+ with no modifications to\nthe kernel. These sources are derived from r85883 of the Oracle svn\nrepository. For operations with USB(2,3), the extension pack for\nrevision 140056 must be installed. Once Oracle releases 6.1.14, then\nthe extension pack and VB itself will have the same revision number.\nFile 'fixes_for_5.8.patch' is removed as that part was fixed upstream.\nFixes boo#1175201.\n\nApply Oracle changes for kernel 5.8.\n\nVersion bump to 6.1.12 (released July 14 2020 by Oracle)\n\nThis is a maintenance release. The following items were fixed and/or\nadded: File 'turn_off_cloud_net.patch' added. Fixes for\nCVE-2020-14628, CVE-2020-14646, CVE-2020-14647, CVE-2020-14649 	\n	 CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676\n	 	 CVE-2020-14677, CVE-2020-14699, CVE-2020-14711,\nCVE-2020-14629 	 CVE-2020-14703, CVE-2020-14704, CVE-2020-14648,\nCVE-2020-14650 	 CVE-2020-14673, CVE-2020-14694, CVE-2020-14695,\nCVE-2020-14698 		 CVE-2020-14700, CVE-2020-14712,\nCVE-2020-14707, CVE-2020-14714	 CVE-2020-14715 boo#1174159. 
UI:\nFixes for Log-Viewer search-backward icon Devices: Fixes and\nimprovements for the BusLogic SCSI controller emulation Serial Port:\nRegression fixes in FIFO data handling Oracle Cloud Infrastructure\nintegration: Experimental new type of network attachment, allowing\nlocal VM to act as if it was run in cloud API: improved resource\nmanagement in the guest control functionality VBoxManage: fixed\ncommand option parsing for the 'snapshot edit' sub-command VBoxManage:\nFix crash of 'VBoxManage internalcommands repairhd' when processing\ninvalid input (bug #19579) Guest Additions, 3D: New experimental GLX\ngraphics output Guest Additions, 3D: Fixed releasing texture objects,\nwhich could cause guest crashes Guest Additions: Fixed writes to a\nfile on a shared folder not being reflected on the host when the file\nis mmap'ed and the used Linux kernel is between version 4.10.0 and\n4.11.x Guest Additions: Fixed the shared folder driver on 32bit\nWindows 8 and newer returning an error when flushing writes to a file\nwhich is mapped into memory under rare circumstances Guest Additions:\nImprove resize coverage for VMSVGA graphics controller Guest\nAdditions: Fix issues detecting guest additions ISO at runtime Guest\nAdditions: Fixed German translation encoding for Windows GA installer\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175201\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-kmp-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-virtualbox-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-virtualbox-debuginfo-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-debuginfo-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-debugsource-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-devel-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-guest-source-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-guest-tools-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-guest-tools-debuginfo-6.1.14-lp152.2.5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-guest-x11-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-guest-x11-debuginfo-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-host-source-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-kmp-debugsource-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-kmp-default-debuginfo-6.1.14_k5.3.18_lp152.41-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-kmp-preempt-debuginfo-6.1.14_k5.3.18_lp152.41-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-qt-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-qt-debuginfo-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-vnc-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-websrv-6.1.14-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"virtualbox-websrv-debuginfo-6.1.14-lp152.2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-23T02:04:48", "description": "Oracle reports :\n\nVulnerabilities in VirtualBox core can allow users with logon 
access\nto the infrastructure where Oracle VM VirtualBox executes to\ncompromise Oracle VM VirtualBox. Successful attacks of these\nvulnerabilities can result in unauthorized access to critical data,\naccess to all Oracle VM VirtualBox accessible data, unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nor takeover of Oracle VM VirtualBox.", "edition": 4, "cvss3": {"score": 6.0, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-07-20T00:00:00", "title": "FreeBSD : VirtualBox -- Multiple vulnerabilities (1e7b316b-c6a8-11ea-a7d5-001999f8d30b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "modified": "2020-07-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:virtualbox-ose"], "id": "FREEBSD_PKG_1E7B316BC6A811EAA7D5001999F8D30B.NASL", "href": "https://www.tenable.com/plugins/nessus/138658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138658);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-14628\", \"CVE-2020-14629\", \"CVE-2020-14646\", \"CVE-2020-14647\", \"CVE-2020-14648\", \"CVE-2020-14649\", \"CVE-2020-14650\", \"CVE-2020-14673\", \"CVE-2020-14674\", \"CVE-2020-14675\", \"CVE-2020-14676\", \"CVE-2020-14677\", \"CVE-2020-14694\", \"CVE-2020-14695\", \"CVE-2020-14698\", \"CVE-2020-14699\", \"CVE-2020-14700\", \"CVE-2020-14703\", \"CVE-2020-14704\", \"CVE-2020-14707\", \"CVE-2020-14711\", \"CVE-2020-14712\", \"CVE-2020-14713\", \"CVE-2020-14714\", \"CVE-2020-14715\");\n\n script_name(english:\"FreeBSD : VirtualBox -- Multiple vulnerabilities (1e7b316b-c6a8-11ea-a7d5-001999f8d30b)\");\n script_summary(english:\"Checks for updated packages in 
pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Oracle reports :\n\nVulnerabilities in VirtualBox core can allow users with logon access\nto the infrastructure where Oracle VM VirtualBox executes to\ncompromise Oracle VM VirtualBox. Successful attacks of these\nvulnerabilities can result in unauthorized access to critical data,\naccess to all Oracle VM VirtualBox accessible data, unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nor takeover of Oracle VM VirtualBox.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujul2020.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1e7b316b-c6a8-11ea-a7d5-001999f8d30b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78ef1d1d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:virtualbox-ose\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"virtualbox-ose>=5.2<5.2.44\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"virtualbox-ose>=6.0<6.0.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"virtualbox-ose>=6.1<6.1.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-10-24T10:31:54", "description": "The Prior to 5.2.44, prior to 6.0.24, and prior to 6.1.12 versions of VM VirtualBox installed on the remote host are\naffected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.\n\n - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported \n versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. 
Easily exploitable \n vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox \n executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks \n may significantly impact additional products. Successful attacks of this vulnerability can result in \n takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. \n (CVE-2020-14628, CVE-2020-14629, CVE-2020-14703, CVE-2020-14704, CVE-2020-14711, CVE-2020-14714, \n CVE-2020-14715)\n\n - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported \n versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit \n vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox \n executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks \n may significantly impact additional products. Successful attacks of this vulnerability can result in \n takeover of Oracle VM VirtualBox. (CVE-2020-14646, CVE-2020-14647, CVE-2020-14648, CVE-2020-14649, \n CVE-2020-14650, CVE-2020-14673, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676, CVE-2020-14677, \n CVE-2020-14694, CVE-2020-14695, CVE-2020-14698, CVE-2020-14699, CVE-2020-14700, CVE-2020-14713)\n\n - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported \n versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable \n vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox \n executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person \n other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, \n deletion or modification access to critical data or all Oracle VM VirtualBox accessible data.\n (CVE-2020-14707, CVE-2020-14712)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 6.0, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-07-16T00:00:00", "title": "Oracle VM VirtualBox (Jul 2020 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "modified": "2020-07-16T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_JUL_2020_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/138527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138527);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\n \"CVE-2020-14628\",\n \"CVE-2020-14629\",\n \"CVE-2020-14646\",\n \"CVE-2020-14647\",\n \"CVE-2020-14648\",\n \"CVE-2020-14649\",\n \"CVE-2020-14650\",\n \"CVE-2020-14673\",\n \"CVE-2020-14674\",\n \"CVE-2020-14675\",\n \"CVE-2020-14676\",\n \"CVE-2020-14677\",\n \"CVE-2020-14694\",\n \"CVE-2020-14695\",\n \"CVE-2020-14698\",\n \"CVE-2020-14699\",\n \"CVE-2020-14700\",\n \"CVE-2020-14703\",\n \"CVE-2020-14704\",\n \"CVE-2020-14707\",\n \"CVE-2020-14711\",\n \"CVE-2020-14712\",\n \"CVE-2020-14713\",\n \"CVE-2020-14714\",\n 
\"CVE-2020-14715\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0323-S\");\n\n script_name(english:\"Oracle VM VirtualBox (Jul 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The Prior to 5.2.44, prior to 6.0.24, and prior to 6.1.12 versions of VM VirtualBox installed on the remote host are\naffected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.\n\n - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported \n versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable \n vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox \n executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks \n may significantly impact additional products. Successful attacks of this vulnerability can result in \n takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. \n (CVE-2020-14628, CVE-2020-14629, CVE-2020-14703, CVE-2020-14704, CVE-2020-14711, CVE-2020-14714, \n CVE-2020-14715)\n\n - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported \n versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit \n vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox \n executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks \n may significantly impact additional products. Successful attacks of this vulnerability can result in \n takeover of Oracle VM VirtualBox. 
(CVE-2020-14646, CVE-2020-14647, CVE-2020-14648, CVE-2020-14649, \n CVE-2020-14650, CVE-2020-14673, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676, CVE-2020-14677, \n CVE-2020-14694, CVE-2020-14695, CVE-2020-14698, CVE-2020-14699, CVE-2020-14700, CVE-2020-14713)\n\n - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported \n versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable \n vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox \n executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person \n other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, \n deletion or modification access to critical data or all Oracle VM VirtualBox accessible data.\n (CVE-2020-14707, CVE-2020-14712)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujul2020cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14704\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\n\ninclude('vcf.inc');\n\nif (get_kb_item('installed_sw/Oracle VM VirtualBox'))\n app_info = vcf::get_app_info(app:'Oracle VM VirtualBox', win_local:TRUE);\nelse\n app_info = vcf::get_app_info(app:'VirtualBox');\n\nconstraints = [\n {'min_version' : '5.2', 'fixed_version' : '5.2.44'},\n {'min_version' : '6.0', 'fixed_version' : '6.0.24'},\n {'min_version' : '6.1', 'fixed_version' : '6.1.12'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "gentoo": [{"lastseen": "2021-01-12T23:27:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2984", "CVE-2020-14674", "CVE-2020-2674", "CVE-2019-2867", "CVE-2020-2678", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-2911", "CVE-2020-2691", "CVE-2020-2705", "CVE-2020-2951", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-2742", "CVE-2020-14713", "CVE-2020-2575", "CVE-2019-2926", "CVE-2019-3026", "CVE-2020-14673", "CVE-2020-2909", "CVE-2020-2693", "CVE-2019-2850", "CVE-2020-14647", "CVE-2019-2944", "CVE-2020-14628", 
"CVE-2020-14694", "CVE-2020-2758", "CVE-2020-14646", "CVE-2019-3002", "CVE-2020-2913", "CVE-2020-14648", "CVE-2020-2692", "CVE-2019-2877", "CVE-2020-2698", "CVE-2020-2704", "CVE-2020-2743", "CVE-2019-3031", "CVE-2019-2848", "CVE-2020-2725", "CVE-2020-2929", "CVE-2020-14698", "CVE-2019-3005", "CVE-2020-2908", "CVE-2020-14712", "CVE-2019-3021", "CVE-2020-2748", "CVE-2020-14700", "CVE-2019-2865", "CVE-2020-2959", "CVE-2020-14707", "CVE-2019-2866", "CVE-2020-2682", "CVE-2020-2689", "CVE-2020-2905", "CVE-2020-2910", "CVE-2020-2681", "CVE-2020-2727", "CVE-2019-2875", "CVE-2020-2726", "CVE-2020-14715", "CVE-2020-14650", "CVE-2019-2859", "CVE-2020-2703", "CVE-2020-14695", "CVE-2020-2741", "CVE-2020-14675", "CVE-2020-2690", "CVE-2020-2902", "CVE-2020-2907", "CVE-2020-2914", "CVE-2019-2873", "CVE-2019-2864", "CVE-2019-3028", "CVE-2020-2702", "CVE-2020-14649", "CVE-2019-2876", "CVE-2020-14676", "CVE-2020-2894", "CVE-2020-14699", "CVE-2020-14704", "CVE-2019-2874", "CVE-2019-3017", "CVE-2020-2701", "CVE-2020-2958", "CVE-2019-2863"], "description": "### Background\n\nVirtualBox is a powerful virtualization product from Oracle.\n\n### Description\n\nMultiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Virtualbox 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/virtualbox-6.0.24:0/6.0\"\n \n\nAll Virtualbox 6.1.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/virtualbox-6.1.12:0/6.1\"", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "GLSA-202101-09", "href": "https://security.gentoo.org/glsa/202101-09", "title": "VirtualBox: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2020-09-24T08:42:18", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "description": "This update for virtualbox fixes the following issues:\n\n Version Bump to 6.0.24 (released July 14 2020 by Oracle)\n\n This is a maintenance release. 
The following items were fixed and/or added:\n\n - API: Fix unintentionally enabled audio due to a settings file version\n dependent bug\n - VBoxManage: Fix crash of 'VBoxManage internalcommands repairhd' when\n processing invalid input (bug #19579)\n - Guest Additions: Fix issues detecting guest additions ISO at runtime\n - Fixes CVE-2020-14628, CVE-2020-14646, CVE-2020-14647, CVE-2020-14649,\n CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676,\n CVE-2020-14677, CVE-2020-14699, CVE-2020-14711, CVE-2020-14629,\n CVE-2020-14703, CVE-2020-14704, CVE-2020-14648, CVE-2020-14650,\n CVE-2020-14673, CVE-2020-14694, CVE-2020-14695, CVE-2020-14698,\n CVE-2020-14700, CVE-2020-14712, CVE-2020-14707, CVE-2020-14714,\n CVE-2020-14715 boo#1174159\n\n", "edition": 1, "modified": "2020-09-24T06:14:34", "published": "2020-09-24T06:14:34", "id": "OPENSUSE-SU-2020:1511-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html", "title": "Security update for virtualbox (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-09-20T20:41:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "description": "This update for virtualbox fixes the following issues:\n\n Update to Oracle version 6.1.14a.\n\n This minor update enables the building of libvirt again.\n\n Version update to 6.1.14 (released September 04 2020 by Oracle)\n\n File \"fix_virtio_build.patch\" is added to fix a build problem. This is a\n maintenance release.
The following items were fixed and/or added: GUI:\n Fixes file name changes in the File location field when creating Virtual\n Hard Disk (bug #19286) VMM: Fixed running VMs which failed to start with\n VERR_NEM_MISSING_KERNEL_API_2 when Hyper-V is used (bug #19779 and #19804)\n Audio: fix regression in HDA emulation introduced in 6.1.0 Shared\n Clipboard: Fixed a potential crash when copying HTML data (6.1.2\n regression; bug #19226) Linux host and guest: Linux kernel version 5.8\n support EFI: Fixed reading ISO9660 filesystems on attached media (6.1.0\n regression; bug #19682) EFI: Support booting from drives attached to the\n LsiLogic SCSI and SAS controller emulations\n\n Pseudo version bump to 6.1.13, which is NOT an Oracle release.\n\n Update VB sources to run under kernel 5.8.0+ with no modifications to\n the kernel. These sources are derived from r85883 of the Oracle svn\n repository. For operations with USB{2,3}, the extension pack for revision\n 140056 must be installed. Once Oracle releases 6.1.14, then the extension\n pack and VB itself will have the same revision number. File\n \"fixes_for_5.8.patch\" is removed as that part was fixed upstream. Fixes\n boo#1175201.\n\n Apply Oracle changes for kernel 5.8.\n\n Version bump to 6.1.12 (released July 14 2020 by Oracle)\n\n This is a maintenance release. The following items were fixed and/or\n added: File \"turn_off_cloud_net.patch\" added.
Fixes for CVE-2020-14628,\n CVE-2020-14646, CVE-2020-14647, CVE-2020-14649 CVE-2020-14713,\n CVE-2020-14674, CVE-2020-14675, CVE-2020-14676 CVE-2020-14677,\n CVE-2020-14699, CVE-2020-14711, CVE-2020-14629 CVE-2020-14703,\n CVE-2020-14704, CVE-2020-14648, CVE-2020-14650 CVE-2020-14673,\n CVE-2020-14694, CVE-2020-14695, CVE-2020-14698 CVE-2020-14700,\n CVE-2020-14712, CVE-2020-14707, CVE-2020-14714 CVE-2020-14715 boo#1174159.\n UI: Fixes for Log-Viewer search-backward icon Devices: Fixes and\n improvements for the BusLogic SCSI controller emulation Serial Port:\n Regression fixes in FIFO data handling Oracle Cloud Infrastructure\n integration: Experimental new type of network attachment, allowing local\n VM to act as if it was run in cloud API: improved resource management in\n the guest control functionality VBoxManage: fixed command option parsing\n for the \"snapshot edit\" sub-command VBoxManage: Fix crash of 'VBoxManage\n internalcommands repairhd' when processing invalid input (bug #19579)\n Guest Additions, 3D: New experimental GLX graphics output Guest Additions,\n 3D: Fixed releasing texture objects, which could cause guest crashes Guest\n Additions: Fixed writes to a file on a shared folder not being reflected\n on the host when the file is mmap'ed and the used Linux kernel is between\n version 4.10.0 and 4.11.x Guest Additions: Fixed the shared folder driver\n on 32bit Windows 8 and newer returning an error when flushing writes to a\n file which is mapped into memory under rare circumstances Guest Additions:\n Improve resize coverage for VMSVGA graphics controller Guest Additions:\n Fix issues detecting guest additions ISO at runtime Guest Additions: Fixed\n German translation encoding for Windows GA installer\n\n", "edition": 1, "modified": "2020-09-20T18:13:58", "published": "2020-09-20T18:13:58", "id": "OPENSUSE-SU-2020:1486-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html", "title": "Security update for virtualbox
(moderate)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2021-01-13T14:39:33", "description": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 8, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14714", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14714"], "modified": "2021-01-12T20:15:00", "cpe": [], "id": "CVE-2020-14714", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14714", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-10-03T13:20:14", "description": "System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the \"load_script\" URL parameter.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-13T13:29:00", "title": "CVE-2018-14714", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14714"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:asus:rt-ac3200_firmware:3.0.0.4.382.50010"], "id": "CVE-2018-14714", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14714", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:asus:rt-ac3200_firmware:3.0.0.4.382.50010:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:24", "description": "In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.", "edition": 5, "cvss3": {"exploitabilityScore": 2.3, 
"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2017-09-22T19:29:00", "title": "CVE-2017-14714", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14714"], "modified": "2017-09-28T14:19:00", "cpe": ["cpe:/a:telaxius:epesi:1.8.2.4"], "id": "CVE-2017-14714", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14714", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:telaxius:epesi:1.8.2.4:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T11:45:13", "bulletinFamily": "info", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Oracle 
Virtualbox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service.\n\n### *Affected products*:\nOracle VirtualBox prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12\n\n### *Solution*:\nUpdate to the latest version \n[Download Oracle Virtual Box](<https://www.virtualbox.org/wiki/Downloads>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 July 2020](<https://www.oracle.com/security-alerts/cpujul2020.html#AppendixOVIR>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2020-14674](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14674>)0.0Unknown \n[CVE-2020-14650](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14650>)0.0Unknown \n[CVE-2020-14713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14713>)0.0Unknown \n[CVE-2020-14699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14699>)0.0Unknown \n[CVE-2020-14711](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14711>)0.0Unknown \n[CVE-2020-14646](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14646>)0.0Unknown \n[CVE-2020-14707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14707>)0.0Unknown \n[CVE-2020-14647](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14647>)0.0Unknown \n[CVE-2020-14712](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14712>)0.0Unknown \n[CVE-2020-14676](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14676>)0.0Unknown \n[CVE-2020-14648](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14648>)0.0Unknown \n[CVE-2020-14694](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14694>)0.0Unknown \n[CVE-2020-14673](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14673>)0.0Unknown \n[CVE-2020-14695](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14695>)0.0Unknown 
\n[CVE-2020-14703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14703>)0.0Unknown \n[CVE-2020-14649](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14649>)0.0Unknown \n[CVE-2020-14700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14700>)0.0Unknown \n[CVE-2020-14698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14698>)0.0Unknown \n[CVE-2020-14704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14704>)0.0Unknown \n[CVE-2020-14629](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14629>)0.0Unknown \n[CVE-2020-14628](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14628>)0.0Unknown \n[CVE-2020-14677](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14677>)0.0Unknown \n[CVE-2020-14715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14715>)0.0Unknown \n[CVE-2020-14714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14714>)0.0Unknown \n[CVE-2020-14675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14675>)0.0Unknown", "edition": 1, "modified": "2020-07-17T00:00:00", "published": "2020-07-14T00:00:00", "id": "KLA11866", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11866", "title": "KLA11866 Multiple vulnerabilities in Oracle Virtualbox", "type": "kaspersky", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "freebsd": [{"lastseen": "2020-07-21T11:25:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14674", "CVE-2020-14677", "CVE-2020-14629", "CVE-2020-14711", "CVE-2020-14703", "CVE-2020-14714", "CVE-2020-14713", "CVE-2020-14673", "CVE-2020-14647", "CVE-2020-14628", "CVE-2020-14694", "CVE-2020-14646", "CVE-2020-14648", "CVE-2020-14698", "CVE-2020-14712", "CVE-2020-14700", "CVE-2020-14707", "CVE-2020-14715", "CVE-2020-14650", "CVE-2020-14695", "CVE-2020-14675", "CVE-2020-14649", "CVE-2020-14676", "CVE-2020-14699", "CVE-2020-14704"], "description": "\nOracle reports:\n\nVulnerabilities in VirtualBox core can allow users\n\t with 
logon access to the infrastructure where Oracle VM\n\t VirtualBox executes to compromise Oracle VM VirtualBox.\n\t Successful attacks of these vulnerabilities can result\n\t in unauthorized access to critical data, access to all\n\t Oracle VM VirtualBox accessible data, unauthorized ability\n\t to cause a hang or frequently repeatable crash (complete\n\t DOS) or takeover of Oracle VM VirtualBox.\n\n", "edition": 2, "modified": "2020-07-14T00:00:00", "published": "2020-07-14T00:00:00", "id": "1E7B316B-C6A8-11EA-A7D5-001999F8D30B", "href": "https://vuxml.freebsd.org/freebsd/1e7b316b-c6a8-11ea-a7d5-001999f8d30b.html", "title": "VirtualBox -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "oracle": [{"lastseen": "2020-12-24T15:41:17", "bulletinFamily": "software", "cvelist": ["CVE-2015-7501", "CVE-2015-8607", "CVE-2015-8608", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3183", "CVE-2016-4000", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5017", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8332", "CVE-2016-8610", "CVE-2016-9112", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-0861", "CVE-2017-10140", "CVE-2017-12610", "CVE-2017-12626", "CVE-2017-12814", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-15265", "CVE-2017-15708", "CVE-2017-5637", "CVE-2017-5645", "CVE-2018-1000004", "CVE-2018-1000632", "CVE-2018-10237", "CVE-2018-10675", "CVE-2018-10872", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11776", "CVE-2018-1199", "CVE-2018-12015", "CVE-2018-12023", "CVE-2018-12207", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1288", "CVE-2018-15756", "CVE-2018-15769", 
"CVE-2018-17190", "CVE-2018-17196", "CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-6616", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913", "CVE-2018-7566", "CVE-2018-8012", "CVE-2018-8013", "CVE-2018-8032", "CVE-2018-8088", "CVE-2019-0188", "CVE-2019-0201", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12973", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14862", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-16056", "CVE-2019-16335", "CVE-2019-16935", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17560", "CVE-2019-17561", "CVE-2019-17563", "CVE-2019-17569", "CVE-2019-17571", "CVE-2019-17573", "CVE-2019-19956", "CVE-2019-20330", "CVE-2019-20388", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5427", "CVE-2019-5489", "CVE-2019-8457", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14527", "CVE-2020-14528", "CVE-2020-14529", "CVE-2020-14530", "CVE-2020-14531", "CVE-2020-14532", "CVE-2020-14533", "CVE-2020-14534", "CVE-2020-14535", "CVE-2020-14536", 
"CVE-2020-14537", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14541", "CVE-2020-14542", "CVE-2020-14543", "CVE-2020-14544", "CVE-2020-14545", "CVE-2020-14546", "CVE-2020-14547", "CVE-2020-14548", "CVE-2020-14549", "CVE-2020-14550", "CVE-2020-14551", "CVE-2020-14552", "CVE-2020-14553", "CVE-2020-14554", "CVE-2020-14555", "CVE-2020-14556", "CVE-2020-14557", "CVE-2020-14558", "CVE-2020-14559", "CVE-2020-14560", "CVE-2020-14561", "CVE-2020-14562", "CVE-2020-14563", "CVE-2020-14564", "CVE-2020-14565", "CVE-2020-14566", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14569", "CVE-2020-14570", "CVE-2020-14571", "CVE-2020-14572", "CVE-2020-14573", "CVE-2020-14574", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14580", "CVE-2020-14581", "CVE-2020-14582", "CVE-2020-14583", "CVE-2020-14584", "CVE-2020-14585", "CVE-2020-14586", "CVE-2020-14587", "CVE-2020-14588", "CVE-2020-14589", "CVE-2020-14590", "CVE-2020-14591", "CVE-2020-14592", "CVE-2020-14593", "CVE-2020-14594", "CVE-2020-14595", "CVE-2020-14596", "CVE-2020-14597", "CVE-2020-14598", "CVE-2020-14599", "CVE-2020-14600", "CVE-2020-14601", "CVE-2020-14602", "CVE-2020-14603", "CVE-2020-14604", "CVE-2020-14605", "CVE-2020-14606", "CVE-2020-14607", "CVE-2020-14608", "CVE-2020-14609", "CVE-2020-14610", "CVE-2020-14611", "CVE-2020-14612", "CVE-2020-14613", "CVE-2020-14614", "CVE-2020-14615", "CVE-2020-14616", "CVE-2020-14617", "CVE-2020-14618", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14621", "CVE-2020-14622", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14625", "CVE-2020-14626", "CVE-2020-14627", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14630", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14635", "CVE-2020-14636", "CVE-2020-14637", "CVE-2020-14638", "CVE-2020-14639", "CVE-2020-14640", "CVE-2020-14641", "CVE-2020-14642", "CVE-2020-14643", "CVE-2020-14644", "CVE-2020-14645", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", 
"CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14651", "CVE-2020-14652", "CVE-2020-14653", "CVE-2020-14654", "CVE-2020-14655", "CVE-2020-14656", "CVE-2020-14657", "CVE-2020-14658", "CVE-2020-14659", "CVE-2020-14660", "CVE-2020-14661", "CVE-2020-14662", "CVE-2020-14663", "CVE-2020-14664", "CVE-2020-14665", "CVE-2020-14666", "CVE-2020-14667", "CVE-2020-14668", "CVE-2020-14669", "CVE-2020-14670", "CVE-2020-14671", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14678", "CVE-2020-14679", "CVE-2020-14680", "CVE-2020-14681", "CVE-2020-14682", "CVE-2020-14684", "CVE-2020-14685", "CVE-2020-14686", "CVE-2020-14687", "CVE-2020-14688", "CVE-2020-14690", "CVE-2020-14691", "CVE-2020-14692", "CVE-2020-14693", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14696", "CVE-2020-14697", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14701", "CVE-2020-14702", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14705", "CVE-2020-14706", "CVE-2020-14707", "CVE-2020-14708", "CVE-2020-14709", "CVE-2020-14710", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-14716", "CVE-2020-14717", "CVE-2020-14718", "CVE-2020-14719", "CVE-2020-14720", "CVE-2020-14721", "CVE-2020-14722", "CVE-2020-14723", "CVE-2020-14724", "CVE-2020-14725", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1967", "CVE-2020-2513", "CVE-2020-2555", "CVE-2020-2562", "CVE-2020-2966", "CVE-2020-2967", "CVE-2020-2968", "CVE-2020-2969", "CVE-2020-2971", "CVE-2020-2972", "CVE-2020-2973", "CVE-2020-2974", "CVE-2020-2975", "CVE-2020-2976", "CVE-2020-2977", "CVE-2020-2978", "CVE-2020-2981", "CVE-2020-2982", "CVE-2020-2983", "CVE-2020-2984", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-6851", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7595", "CVE-2020-8112", "CVE-2020-8172", "CVE-2020-9327", "CVE-2020-9484", 
"CVE-2020-9488", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 444 new security patches across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2684313.1>).\n", "modified": "2020-12-01T00:00:00", "published": "2020-07-14T00:00:00", "id": "ORACLE:CPUJUL2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ptsecurity": [{"lastseen": "2020-10-02T04:34:49", "bulletinFamily": "info", "cvelist": ["CVE-2019-14714"], "description": "# PT-2020-25: Buffer Overflow in ACT.LIB\n\nVerifone \nVerixV \n\n**Severity level**\n\nSeverity level: Medium \nImpact: Buffer Overflow in ACT.LIB \nAccess Vector: Local \n\n\nCVSS v3.1: \nBase Score: 6.6 \nVector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H) \n\nCVE-2019-14714 \n\n**Advisory status**\n\n01.09.2018 - Vendor gets vulnerability details \n01.03.2020 - Vendor releases fixed version and details \n\n**Credits**\n\nThe vulnerability was detected by Dmitry Sklyarov, Alexey Stennikov, Vladimir Kononovich, Georgy Zaytsev, Maxim Kozhevnikov, Positive Research Center (Positive Technologies Company) \n", "edition": 1, "modified": "1970-01-01T00:00:00", "published": "2020-01-03T00:00:00", "id": "PT-2020-25", "href": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-25/", "title": "PT-2020-25: Buffer Overflow in ACT.LIB", "type": "ptsecurity", "cvss": {}}], "openvas": [{"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14713", "CVE-2017-14715", "CVE-2017-14714", "CVE-2017-14712", "CVE-2017-14716", "CVE-2017-14717"], "description": "EPESI is prone to multiple stored cross-site scripting (XSS) vulnerabilities\nin various parameters.", "modified": "2018-04-23T00:00:00", "published": "2017-10-16T00:00:00", "id": "OPENVAS:1361412562310112083", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310112083", "type": "openvas", "title": "EPESI Multiple Stored XSS Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_epesi_stored_xss_vuln.nasl 9565 2018-04-23 10:00:20Z ckuersteiner $\n#\n# EPESI Multiple Stored XSS Vulnerabilities\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:telaxus:epesi\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112083\");\n script_version(\"$Revision: 9565 $\");\n script_cve_id(\"CVE-2017-14712\", \"CVE-2017-14713\", \"CVE-2017-14714\", \"CVE-2017-14715\", \"CVE-2017-14716\", \"CVE-2017-14717\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-23 12:00:20 +0200 (Mon, 23 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-16 13:53:00 +0200 (Mon, 16 Oct 2017)\");\n script_name(\"EPESI Multiple Stored XSS Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web 
application abuses\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_epesi_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"epesi/installed\", \"epesi/revision\");\n\n script_xref(name:\"URL\", value:\"https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/42950/\");\n\n script_tag(name:\"summary\", value:\"EPESI is prone to multiple stored cross-site scripting (XSS) vulnerabilities\nin various parameters.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue will allow an auhenticated remote attacker\nto store persistently executable scripts inside the application.\");\n\n script_tag(name:\"affected\", value:\"EPESI version 1.8.2-rev20170830 and below\");\n\n script_tag(name:\"solution\", value:\"Update to version 1.8.2-20171019 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!vers = get_app_version(cpe:CPE, port:port)) exit(0);\nrev = get_kb_item(\"epesi/revision\");\nif (!rev)\n exit(0);\n\nif(version_is_less(version:vers, test_version:\"1.8.2\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.8.2-20171019\");\n security_message(port:port, data:report);\n exit(0);\n}\n\nif (version_is_equal(version: vers, test_version: \"1.8.2\")) {\n if (version_is_less(version: rev, test_version: \"20171019\")) {\n report = report_fixed_ver(installed_version: vers, installed_patch: rev, fixed_version: \"1.8.2\",\n fixed_patch: \"20171019\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], 
"packetstorm": [{"lastseen": "2017-10-06T06:01:20", "description": "", "published": "2017-10-04T00:00:00", "type": "packetstorm", "title": "EPESI 1.8.2 Revision 20170830 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14713", "CVE-2017-14715", "CVE-2017-14714", "CVE-2017-14712", "CVE-2017-14716", "CVE-2017-14717"], "modified": "2017-10-04T00:00:00", "id": "PACKETSTORM:144501", "href": "https://packetstormsecurity.com/files/144501/EPESI-1.8.2-Revision-20170830-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: Multiple Stored XSS in EPESI \n# Date: 10/03/2017 \n# Exploit Author: Zeeshan Shaikh \n# Vendor Homepage: http://epe.si/ \n# Software Link: http://epe.si/download/ \n# Version: 1.8.2 rev20170830 \n# CVE : CVE-2017-14712 to CVE-2017-14717 \n# Category: webapps \n \n \nXSS 1 (Tasks - Title) \nSteps to recreate: \n1. Home->Tasks->add new \n2. Enter title as \"MYTITLE\" and fill required details but don't click save \n3. Start interceptor and intercept request \n4. click save \n5. Now replace MYTITLE with \"<i onclick=alert(1)>alertme</i>\"(without \nquotes) \n6. Home->click on alertme \n \nXSS 2 (Tasks - Description) \nSteps to recreate: \n1. Create a new task and fill description as \"MYDESC\" but don't click on \nsave \n2. Start intercepting request and then click save on browser \n3. Now replace MYDESC with \"<script>alert(1)</script>\" \n4. Go to Home(make sure task applet is there) -> Mouseover on i icon \n \nXSS 3 (Tasks/Phonecall - Notes - Title) \nSteps to recreate: \n1. Home->Tasks/PhoneCall->Notes->add new \n2. Steps same as XSS 1 \n3. Click on alertme in notes section \n \nXSS 4 (Tasks - Alerts - Title) \nSteps to recreate: \n1. Home->Tasks->Notes->add new \n2. Steps same as XSS 1 \n3. Click on alertme in alerts section \n \nXSS 5 (Phonecalls - Subject) \nSteps to recreate: \n1. Create a new phonecall and fill subject as \"MYSUB\" but don't click on \nsave \n2. 
Start intercepting request and then click save on browser \n3. Now replace MYSUB with \"<script>alert(1)</script>\" \n4. Go to Home(make sure task applet is there) -> Mouseover on i icon \n \nXSS 6 (Phonecalls - Description) \nSame as XSS 5 \n \n`\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/144501/epesi182-xss.txt"}], "hackerone": [{"lastseen": "2018-04-19T17:34:12", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": [], "description": "**Summary**:\n\nLegal Robot's s3 bucket [**legalrobot.com**] is misconfigured. The ACL allows me to _access_ and _copy_ **all files**. This means that I could go through and copy all the media files on the s3 bucket. I did not attempt to _delete_ any files as I did not want to go too far and affect your operations.\n\n**Steps to Reproduce**:\n\n1) Generate a random AWS key from the AWS Console\n2) Perform the following proof-of-concept:\n```\n$ aws s3 ls s3://legalrobot\n PRE email/\n PRE video/\n2015-12-28 21:39:20 536901 Dan-sq-gray.jpg\n2015-12-28 21:39:21 546125 Dan-sq.jpg\n2015-10-06 21:35:54 363060 Gizmo-Foldable.pdf\n2016-02-26 12:37:45 22945 Megan.jpg\n2015-12-08 01:58:52 420926 logo_huge.png\n2015-12-08 01:59:04 14714 logo_text_huge.png\n\ncopy: aws s3 cp s3://legalrobot/video/meeting-room/MP4/Meeting-Room.mp4\n```\nI've noticed that this particular video file is being played in the background of your homepage. \n\n**Remediation**:\n\nUpdate your ACL to the proper configuration, preventing other users from potentially modifying or accessing your s3 bucket. 
\n", "modified": "2017-08-29T03:19:52", "published": "2016-12-07T01:51:29", "id": "H1:189023", "href": "https://hackerone.com/reports/189023", "type": "hackerone", "title": "Legal Robot: S3 ACL misconfiguration", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", 
"CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "PHAR extension DoS.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}