FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
2780e442-fc59-11e4-b18b-6805ca1d3bb1    qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

Jason Geffner, CrowdStrike Senior Security Researcher reports:

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems.


Discovery 2015-04-29
Entry 2015-05-17
Modified 2015-09-28
qemu
qemu-devel
< 0.11.1_19

ge 0.12 lt 2.3.0_1

qemu-sbruno
< 2.3.50.g20150501_1

virtualbox-ose
< 4.3.28

xen-tools
ge 4.5.0 lt 4.5.0_5

CVE-2015-3456
ports/200255
ports/200256
ports/200257
http://venom.crowdstrike.com/
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
http://xenbits.xen.org/xsa/advisory-133.html
f32b1fbd-264d-11ee-a468-80fa5b29d485    virtualbox-ose -- multiple vulnerabilities

secalert_us@oracle.com reports:

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).


Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46

CVE-2023-22016
https://nvd.nist.gov/vuln/detail/CVE-2023-22016
bc90e894-264b-11ee-a468-80fa5b29d485    virtualbox-ose -- multiple vulnerabilities

secalert_us@oracle.com reports:

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).


Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46

CVE-2023-22018
https://nvd.nist.gov/vuln/detail/CVE-2023-22018
cf40e8b7-264d-11ee-a468-80fa5b29d485    virtualbox-ose -- multiple vulnerabilities

secalert_us@oracle.com reports:

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46

CVE-2023-22017
https://nvd.nist.gov/vuln/detail/CVE-2023-22017
7d40edd1-901e-11e6-a590-14dae9d210b8    VirtualBox -- undisclosed vulnerabilities

Oracle reports:

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.


Discovery 2015-10-01
Entry 2016-10-12
Modified 2016-10-18
virtualbox-ose
ge 5.0 lt 5.0.8

ge 4.3 lt 4.3.32

ge 4.2 lt 4.2.34

ge 4.1 lt 4.1.42

ge 4.0 lt 4.0.34

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4813
CVE-2015-4896
ports/204406
e1387e95-08d0-11ed-be26-001999f8d30b    VirtualBox -- Multiple vulnerabilities

Oracle reports:

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.


Discovery 2022-07-20
Entry 2022-07-21
virtualbox-ose
< 6.1.36

CVE-2022-21554
CVE-2022-21571
https://www.oracle.com/security-alerts/cpujul2022.html
1ba034fb-ca38-11ed-b242-d4c9ef517024    OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints

The OpenSSL project reports:

Severity: Low

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.


Discovery 2023-03-23
Entry 2023-03-24
Modified 2023-07-19
openssl
< 1.1.1t,1_1

openssl30
< 3.0.8_1

openssl31
< 3.1.0_1

openssl-quic
< 3.0.8_1

virtualbox-ose
< 6.1.46

CVE-2023-0464
https://www.openssl.org/news/secadv/20230322.txt