This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Oracle
Product: Vm Virtualbox
First view: 2011-01-19
Last view: 2023-10-17
Version:
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:* 337
cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:* 337
cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:* 336
cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.0:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.1:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:* 335
cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:* 335

Related : CVE

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.9 2023-10-17 CVE-2023-22100

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).

8.2 2023-10-17 CVE-2023-22099

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

8.2 2023-10-17 CVE-2023-22098

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

8.1 2023-07-18 CVE-2023-22018

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

5.5 2023-07-18 CVE-2023-22017

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

4.2 2023-07-18 CVE-2023-22016

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).

6 2023-04-18 CVE-2023-22002

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

4.6 2023-04-18 CVE-2023-22001

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).

4.6 2023-04-18 CVE-2023-22000

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).

3.6 2023-04-18 CVE-2023-21999

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).

4.6 2023-04-18 CVE-2023-21998

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).

3.2 2023-04-18 CVE-2023-21991

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

8.2 2023-04-18 CVE-2023-21990

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

6 2023-04-18 CVE-2023-21989

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

3.8 2023-04-18 CVE-2023-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

7.8 2023-04-18 CVE-2023-21987

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

5.5 2023-01-18 CVE-2023-21899

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

5.5 2023-01-18 CVE-2023-21898

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.8 2023-01-18 CVE-2023-21889

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

8.1 2023-01-18 CVE-2023-21886

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.8 2023-01-18 CVE-2023-21885

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

4.4 2023-01-18 CVE-2023-21884

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

8.8 2022-10-18 CVE-2022-39427

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

8.1 2022-10-18 CVE-2022-39426

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

8.1 2022-10-18 CVE-2022-39425

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE : Common Weakness Enumeration

% id Name
20% (9) CWE-125 Out-of-bounds Read
11% (5) CWE-787 Out-of-bounds Write
8% (4) CWE-399 Resource Management Errors
8% (4) CWE-284 Access Control (Authorization) Issues
6% (3) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
6% (3) CWE-200 Information Exposure
6% (3) CWE-20 Improper Input Validation
4% (2) CWE-203 Information Exposure Through Discrepancy
4% (2) CWE-190 Integer Overflow or Wraparound
2% (1) CWE-681 Incorrect Conversion between Numeric Types
2% (1) CWE-416 Use After Free
2% (1) CWE-362 Race Condition
2% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-295 Certificate Issues
2% (1) CWE-254 Security Features
2% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Oval Markup Language : Definitions

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:12576 Unspecified vulnerability in Oracle VM VirtualBox 4.0
oval:org.mitre.oval:def:13148 Unspecified vulnerability in Oracle VM VirtualBox related to Guest Additions ...
oval:org.mitre.oval:def:12983 Unspecified vulnerability in Oracle VM VirtualBox
oval:org.mitre.oval:def:16235 Unspecified vulnerability in the Oracle VM VirtualBox 4.1 component
oval:org.mitre.oval:def:16722 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Vir...
oval:org.mitre.oval:def:15763 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:22409 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:22391 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:21438 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:22434 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:21883 Unspecified vulnerability in the VirtualBox component in Oracle Virtualizatio...
oval:org.mitre.oval:def:24111 DSA-2878-1 virtualbox - security update
oval:org.mitre.oval:def:24120 Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through ...
oval:org.mitre.oval:def:24026 Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through ...
oval:org.mitre.oval:def:24607 DSA-2904-1 virtualbox - security update
oval:org.mitre.oval:def:24618 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Vir...
oval:org.mitre.oval:def:24979 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:25006 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:24927 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:24987 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:25054 Unspecified vulnerability in the Oracle VM VirtualBox before 4.1.34, 4.2.26, ...
oval:org.mitre.oval:def:25235 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:24865 Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, ...
oval:org.mitre.oval:def:28638 ELSA-2015-0090 -- glibc security update (critical)
oval:org.mitre.oval:def:28622 ELSA-2015-0092 -- glibc security update (critical)

SAINT Exploits

Description
Oracle WebLogic Server deserialization remote code execution

Open Source Vulnerability Database (OSVDB)

id Description
78443 Oracle VM VirtualBox Shared Folders Component Unspecified Local Issue
78442 Oracle VM VirtualBox Windows Guest Additions Component Unspecified Local Issue
73897 Oracle VM VirtualBox Guest Additions for Windows XPDM Display Driver Local Ov...
73896 Oracle VM VirtualBox Host-Guest Communication Manager SHCRGL_GUEST_FN_WRITE_B...
70549 Oracle VM VirtualBox Extensions Unspecified Local Issue

ExploitDB Exploits

id Description
32208 Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities

OpenVAS Exploits

id Description
2012-04-30 Name : Gentoo Security Advisory GLSA 201204-01 (virtualbox)
File : nvt/glsa_201204_01.nasl
2012-01-24 Name : Oracle VM VirtualBox Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_virtualbox_mult_unspecified_vuln_win.nasl
2012-01-24 Name : Oracle VM VirtualBox Unspecified Vulnerability (MAC OS X)
File : nvt/secpod_oracle_virtualbox_unspecified_vuln_macosx.nasl
2011-07-29 Name : Oracle VM VirtualBox Unspecified Vulnerability (Windows)
File : nvt/secpod_oracle_virtualbox_unspecified_vuln_win.nasl
2011-01-31 Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability (Linux)
File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_lin.nasl
2011-01-27 Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability
File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0160 Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity: Category I - VMSKEY: V0061123
2014-A-0107 Multiple Vulnerabilities in Oracle & Sun Systems Products Suite
Severity: Category I - VMSKEY: V0053187
2014-A-0058 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0049579
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396
2013-A-0195 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0040781

Snort® IPS/IDS

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-08-06 Oracle WebLogic Server blacklisted class use attempt
RuleID : 50660 - Type : POLICY-OTHER - Revision : 3
2019-08-06 Oracle WebLogic Server blacklisted class use attempt
RuleID : 50659 - Type : POLICY-OTHER - Revision : 3
2019-07-23 Oracle WebLogic Server remote command execution attempt
RuleID : 50474 - Type : SERVER-ORACLE - Revision : 2
2019-07-23 Oracle WebLogic Server remote command execution attempt
RuleID : 50473 - Type : SERVER-ORACLE - Revision : 2
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50025 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50024 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50023 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50022 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50021 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50020 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50019 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50018 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50017 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50016 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50015 - Type : SERVER-ORACLE - Revision : 1
2019-06-04 Oracle WebLogic Server remote command execution attempt
RuleID : 50014 - Type : SERVER-ORACLE - Revision : 1
2019-05-30 Oracle WebLogic Server remote command execution attempt
RuleID : 49946 - Type : SERVER-ORACLE - Revision : 1
2019-05-30 Oracle WebLogic Server remote command execution attempt
RuleID : 49945 - Type : SERVER-ORACLE - Revision : 1
2019-05-30 Oracle WebLogic Server remote command execution attempt
RuleID : 49944 - Type : SERVER-ORACLE - Revision : 1
2019-05-29 Oracle WebLogic Server remote command execution attempt
RuleID : 49943 - Type : SERVER-ORACLE - Revision : 2
2019-05-29 Oracle WebLogic Server remote command execution attempt
RuleID : 49942 - Type : SERVER-ORACLE - Revision : 2
2018-02-20 Intel x64 side-channel analysis information leak attempt
RuleID : 45444 - Type : OS-OTHER - Revision : 2
2018-02-20 Intel x64 side-channel analysis information leak attempt
RuleID : 45443 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x64 side-channel analysis information leak attempt
RuleID : 45368 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x64 side-channel analysis information leak attempt
RuleID : 45367 - Type : OS-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_16.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_17.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1434.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4355.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-325-01.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6f170cf2e6b711e8a9a8b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL91229003.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201810-06.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_238ae7dedba211e8b713b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1233.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1236.nasl - Type: ACT_GATHER_INFO
2018-09-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1506.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1497.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0098.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0011.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1422.nasl - Type: ACT_GATHER_INFO
2018-07-09 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9f02e5ed7b.nasl - Type: ACT_GATHER_INFO
2018-05-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4213.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201805-08.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-1369.nasl - Type: ACT_GATHER_INFO