Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201802-01
HistoryFeb 11, 2018 - 12:00 a.m.

VirtualBox: Multiple vulnerabilities

2018-02-1100:00:00
Gentoo Foundation
security.gentoo.org
24

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

35.6%

JSON

Background

VirtualBox is a powerful virtualization product from Oracle.

Description

Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.

Impact

An attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All VirtualBox users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-5.1.32"

All VirtualBox Binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=app-emulation/virtualbox-bin-5.1.32.120294"

All VirtualBox Guest Additions users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=app-emulation/virtualbox-guest-additions-5.1.32"

Related

openvas 6
nessus 4
suse 2
kaspersky 1
mageia 1
prion 10
cve 10
nvd 10
cvelist 10
ubuntucve 10
debiancve 10
zdi 6
zdt 1
exploitpack 1
seebug 1
packetstorm 1
exploitdb 1
ibm 1
oracle 1
openvas
openvas
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:0187-1)
2018-01-24 00:00:00
Oracle VirtualBox Security Updates (jan2018-3236628) - Linux
2018-01-17 00:00:00
Oracle VirtualBox Security Updates (jan2018-3236628) - Mac OS X
2018-01-17 00:00:00
nessus
nessus
openSUSE Security Update : virtualbox (openSUSE-2018-75) (Spectre)
2018-01-24 00:00:00
GLSA-201802-01 : VirtualBox: Multiple vulnerabilities
2018-02-12 00:00:00
Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)
2018-01-17 00:00:00
suse
suse
Security update for virtualbox (important)
2018-01-24 03:07:42
Security update for kbuild, virtualbox (important)
2018-08-27 00:07:57
kaspersky
kaspersky
KLA11179 Multiple vulnerabilities in Oracle VM VirtualBox
2018-01-18 00:00:00
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2018-01-26 00:04:19
prion
prion
Buffer overflow
2018-01-18 02:29:00
Buffer overflow
2018-01-18 02:29:00
Buffer overflow
2018-01-18 02:29:00
cve
cve
CVE-2018-2676
2018-01-18 02:29:22
CVE-2018-2693
2018-01-18 02:29:23
CVE-2018-2685
2018-01-18 02:29:23
nvd
nvd
CVE-2018-2676
2018-01-18 02:29:22
CVE-2018-2688
2018-01-18 02:29:23
CVE-2018-2685
2018-01-18 02:29:23
cvelist
cvelist
CVE-2018-2676
2018-01-18 02:00:00
CVE-2018-2686
2018-01-18 02:00:00
CVE-2018-2688
2018-01-18 02:00:00
ubuntucve
ubuntucve
CVE-2018-2676
2018-01-18 00:00:00
CVE-2018-2688
2018-01-18 00:00:00
CVE-2018-2689
2018-01-18 00:00:00
debiancve
debiancve
CVE-2018-2676
2018-01-18 02:29:22
CVE-2018-2685
2018-01-18 02:29:23
CVE-2018-2686
2018-01-18 02:29:23
zdi
zdi
Oracle VirtualBox crServerDispatchDeleteTextures Integer Overflow Privilege Escalation Vulnerability
2018-01-18 00:00:00
Oracle VirtualBox crServerDispatchCallLists Integer Overflow Privilege Escalation Vulnerability
2018-01-18 00:00:00
Oracle VirtualBox crUnpackPolygonStipple Untrusted Pointer Dereference Privilege Escalation Vulnerability
2018-01-18 00:00:00
zdt
zdt
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape Vulnerability
2018-01-25 00:00:00
exploitpack
exploitpack
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape
2018-01-24 00:00:00
seebug
seebug
Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities(CVE-2018-2698)
2018-01-26 00:00:00
packetstorm
packetstorm
Oracle VirtualBox Guest To Host Escape
2018-01-24 00:00:00
exploitdb
exploitdb
Oracle VirtualBox &lt; 5.1.30 / &lt; 5.2-rc1 - Guest to Host Escape
2018-01-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-2579, CVE-2018-2693, CVE-2018-2783)
2018-08-28 00:04:56
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

35.6%

JSON
Related for GLSA-201802-01
openvas6nessus4suse2kaspersky1mageia1prion10cve10nvd10cvelist10ubuntucve10debiancve10zdi6zdt1exploitpack1seebug1packetstorm1exploitdb1ibm1oracle1