This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2011-01-19
Product Vm Virtualbox Last view 2020-07-15
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:* 238
cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:* 238
cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:* 237
cpe:2.3:a:oracle:vm_virtualbox:3.0:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.1:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:* 236
cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:* 236

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.4 2020-07-15 CVE-2020-14715

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

4.4 2020-07-15 CVE-2020-14714

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

7.5 2020-07-15 CVE-2020-14713

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

5 2020-07-15 CVE-2020-14712

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).

6.5 2020-07-15 CVE-2020-14711

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).

5 2020-07-15 CVE-2020-14707

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).

6 2020-07-15 CVE-2020-14704

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

6 2020-07-15 CVE-2020-14703

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

5.3 2020-07-15 CVE-2020-14700

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

7.5 2020-07-15 CVE-2020-14699

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

5.3 2020-07-15 CVE-2020-14698

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

5.3 2020-07-15 CVE-2020-14695

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

5.3 2020-07-15 CVE-2020-14694

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

7.5 2020-07-15 CVE-2020-14677

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

7.5 2020-07-15 CVE-2020-14676

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

7.5 2020-07-15 CVE-2020-14675

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

7.5 2020-07-15 CVE-2020-14674

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

5.3 2020-07-15 CVE-2020-14673

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

5.3 2020-07-15 CVE-2020-14650

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

7.5 2020-07-15 CVE-2020-14649

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

5.3 2020-07-15 CVE-2020-14648

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

7.5 2020-07-15 CVE-2020-14647

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

7.5 2020-07-15 CVE-2020-14646

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

6 2020-07-15 CVE-2020-14629

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

8.2 2020-07-15 CVE-2020-14628

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CWE : Common Weakness Enumeration

%idName
17% (5) CWE-125 Out-of-bounds Read
13% (4) CWE-399 Resource Management Errors
13% (4) CWE-284 Access Control (Authorization) Issues
10% (3) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
10% (3) CWE-200 Information Exposure
3% (1) CWE-787 Out-of-bounds Write
3% (1) CWE-362 Race Condition
3% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
3% (1) CWE-310 Cryptographic Issues
3% (1) CWE-295 Certificate Issues
3% (1) CWE-254 Security Features
3% (1) CWE-203 Information Exposure Through Discrepancy
3% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
3% (1) CWE-190 Integer Overflow or Wraparound
3% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:12576 Unspecified vulnerability in Oracle VM VirtualBox 4.0
oval:org.mitre.oval:def:13148 Unspecified vulnerability in Oracle VM VirtualBox related to Guest Additions ...
oval:org.mitre.oval:def:12983 Unspecified vulnerability in Oracle VM VirtualBox
oval:org.mitre.oval:def:16235 Unspecified vulnerability in the Oracle VM VirtualBox 4.1 component
oval:org.mitre.oval:def:16722 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Vir...
oval:org.mitre.oval:def:15763 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:22409 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:22391 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:21438 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:22434 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:21883 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:24111 DSA-2878-1 virtualbox - security update
oval:org.mitre.oval:def:24120 Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through ...
oval:org.mitre.oval:def:24026 Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through ...
oval:org.mitre.oval:def:24607 DSA-2904-1 virtualbox - security update
oval:org.mitre.oval:def:24618 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Vir...
oval:org.mitre.oval:def:24979 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:25006 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:24927 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:24987 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:25054 Unspecified vulnerability in the Oracle VM VirtualBox before 4.1.34, 4.2.26, ...
oval:org.mitre.oval:def:25235 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:24865 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...

Open Source Vulnerability Database (OSVDB)

id Description
78443 Oracle VM VirtualBox Shared Folders Component Unspecified Local Issue
78442 Oracle VM VirtualBox Windows Guest Additions Component Unspecified Local Issue
73897 Oracle VM VirtualBox Guest Additions for Windows XPDM Display Driver Local Ov...
73896 Oracle VM VirtualBox Host-Guest Communication Manager SHCRGL_GUEST_FN_WRITE_B...
70549 Oracle VM VirtualBox Extensions Unspecified Local Issue

ExploitDB Exploits

id Description
32208 Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities

OpenVAS Exploits

id Description
2012-04-30 Name : Gentoo Security Advisory GLSA 201204-01 (virtualbox)
File : nvt/glsa_201204_01.nasl
2012-01-24 Name : Oracle VM VirtualBox Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_virtualbox_mult_unspecified_vuln_win.nasl
2012-01-24 Name : Oracle VM VirtualBox Unspecified Vulnerability (MAC OS X)
File : nvt/secpod_oracle_virtualbox_unspecified_vuln_macosx.nasl
2011-07-29 Name : Oracle VM VirtualBox Unspecified Vulnerability (Windows)
File : nvt/secpod_oracle_virtualbox_unspecified_vuln_win.nasl
2011-01-31 Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability (Linux)
File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_lin.nasl
2011-01-27 Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability
File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0160 Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity: Category I - VMSKEY: V0061123
2014-A-0107 Multiple Vulnerabilities in Oracle & Sun Systems Products Suite
Severity: Category I - VMSKEY: V0053187
2014-A-0058 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0049579
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396
2013-A-0195 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0040781

Snort® IPS/IDS

Date Description
2016-04-05 SSLv2 Client Hello attempt
RuleID : 38060 - Type : POLICY-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_16.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_17.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1434.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4355.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-325-01.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6f170cf2e6b711e8a9a8b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_238ae7dedba211e8b713b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201805-08.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0018.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201802-01.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1267.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: virtualbox_5_1_30.nasl - Type: ACT_GATHER_INFO
2017-07-19 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: virtualbox_5_1_24.nasl - Type: ACT_GATHER_INFO
2017-05-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-533.nasl - Type: ACT_GATHER_INFO
2017-05-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-534.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1039.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1040.nasl - Type: ACT_GATHER_INFO
2017-04-20 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: virtualbox_5_1_20.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO
2017-02-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201702-08.nasl - Type: ACT_GATHER_INFO