Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA51007
HistoryJul 18, 2023 - 12:00 a.m.

KLA51007 Multiple vulnerabilities in Oracle VirtualBox

2023-07-1800:00:00
Kaspersky Lab
threats.kaspersky.com
38
oracle virtualbox
vulnerabilities
denial of service
arbitrary code
sensitive information
update
public exploits
cve-2023-0464
cve-2023-22017
cve-2023-22018
cve-2023-22016
ace
kaspersky

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Denial of service vulnerability in Core can be exploited to cause denial of service.
  2. Code execution vulnerability in Core can be exploited to execute arbitrary code and obtain sensitive information and cause denial of service.
  3. Denial of service vulnerability in OpenSSL can be exploited to cause denial of service.

Original advisories

Oracle Critical Patch Update Advisory – July 2023

Exploitation

Public exploits exist for this vulnerability.

Related products

Oracle-VirtualBox

CVE list

CVE-2023-0464 critical

CVE-2023-22017 high

CVE-2023-22018 critical

CVE-2023-22016 warning

Solution

Update to the latest version

Download VirtualBox

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Oracle VirtualBox earlier than 6.1.46Oracle VirtualBox 7.0.x earlier than 7.0.10

Related

openvas 44
nessus 64
mageia 1
prion 4
cvelist 4
freebsd 4
nvd 4
cve 4
debiancve 4
redos 2
vulnrichment 3
ubuntucve 4
zdi 1
veracode 4
ibm 11
osv 12
alpinelinux 1
githubexploit 1
f5 1
cgr 1
cbl_mariner 6
broadcom 1
openssl 1
redhatcve 1
wolfi 1
malwarebytes 1
cloudlinux 1
photon 2
amazon 3
debian 2
ubuntu 1
cloudfoundry 1
almalinux 1
fedora 1
oraclelinux 1
redhat 1
openvas
openvas
Oracle VirtualBox Security Update (jul2023) - Linux
2023-07-19 00:00:00
Oracle VirtualBox Security Update (jul2023) - Mac OS X
2023-07-19 00:00:00
Oracle VirtualBox Security Update (jul2023) - Windows
2023-07-19 00:00:00
nessus
nessus
Oracle VM VirtualBox < 6.1.46 / 7.x < 7.0.10 (July 2023 CPU)
2023-07-19 00:00:00
FreeBSD : virtualbox-ose -- multiple vulnerabilities (bc90e894-264b-11ee-a468-80fa5b29d485)
2023-07-20 00:00:00
FreeBSD : virtualbox-ose -- multiple vulnerabilities (f32b1fbd-264d-11ee-a468-80fa5b29d485)
2023-07-20 00:00:00
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2023-07-24 00:59:03
prion
prion
Buffer overflow
2023-07-18 21:15:00
Design/Logic Flaw
2023-07-18 21:15:00
Buffer overflow
2023-07-18 21:15:00
cvelist
cvelist
CVE-2023-22016
2023-07-18 20:18:12
CVE-2023-22017
2023-07-18 20:18:13
CVE-2023-22018
2023-07-18 20:18:14
freebsd
freebsd
virtualbox-ose -- multiple vulnerabilities
2023-07-18 00:00:00
virtualbox-ose -- multiple vulnerabilities
2023-07-18 00:00:00
virtualbox-ose -- multiple vulnerabilities
2023-07-18 00:00:00
nvd
nvd
CVE-2023-22018
2023-07-18 21:15:12
CVE-2023-22016
2023-07-18 21:15:12
CVE-2023-22017
2023-07-18 21:15:12
cve
cve
CVE-2023-22018
2023-07-18 21:15:12
CVE-2023-22017
2023-07-18 21:15:12
CVE-2023-22016
2023-07-18 21:15:12
debiancve
debiancve
CVE-2023-22018
2023-07-18 21:15:12
CVE-2023-22016
2023-07-18 21:15:12
CVE-2023-22017
2023-07-18 21:15:12
redos
redos
ROS-20230907-02
2023-09-07 00:00:00
ROS-20230407-03
2023-04-07 00:00:00
vulnrichment
vulnrichment
CVE-2023-22018
2023-07-18 20:18:14
CVE-2023-22016
2023-07-18 20:18:12
CVE-2023-22017
2023-07-18 20:18:13
ubuntucve
ubuntucve
CVE-2023-22017
2023-07-18 00:00:00
CVE-2023-22018
2023-07-18 00:00:00
CVE-2023-22016
2023-07-18 00:00:00
zdi
zdi
Oracle VirtualBox VRDP Memory Corruption Remote Code Execution Vulnerability
2023-07-26 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2023-08-06 16:13:26
Denial Of Service (DoS)
2023-08-06 16:13:26
Denial Of Service (DoS)
2023-08-06 16:13:26
ibm
ibm
Security Bulletin: CVE-2023-0464 may affect IBM CICS TX Advanced 10.1
2023-06-08 18:15:41
Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
2024-05-01 21:21:57
Security Bulletin: Due to use of OpenSSL, IBM Tivoli Netcool System Service Monitors/Application Service Monitors is vulnerable to a denial of service.
2023-10-23 13:16:28
osv
osv
CGA-c37v-v25g-6fpw
2024-06-06 12:25:48
CGA-rm7q-7jfx-75fh
2024-09-25 05:34:06
CGA-939c-98g8-vc74
2024-06-06 12:25:20
alpinelinux
alpinelinux
CVE-2023-0464
2023-03-22 17:15:13
githubexploit
githubexploit
Exploit for Improper Certificate Validation in Openssl
2023-04-24 06:40:37
f5
f5
K000133706 : OpenSSL vulnerability CVE-2023-0464
2023-04-28 00:00:00
cgr
cgr
CVE-2023-0464 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2023-0464 affecting package rust for versions less than 1.68.0-1
2023-10-11 01:41:59
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2
2024-09-30 09:32:25
CVE-2023-0464 affecting package openssl 1.1.1k-13
2023-04-20 19:17:28
broadcom
broadcom
Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
2024-04-17 00:00:00
openssl
openssl
Vulnerability in OpenSSL - Excessive Resource Usage Verifying X.509 Policy Constraints
2023-03-21 00:00:00
redhatcve
redhatcve
CVE-2023-0464
2023-03-24 13:07:28
wolfi
wolfi
CVE-2023-0464 vulnerabilities
2024-09-30 09:32:54
malwarebytes
malwarebytes
Zimbra issues awaited patch for actively exploited vulnerability
2023-07-28 11:30:00
cloudlinux
cloudlinux
openssl: Fix of 3 CVEs
2023-05-04 21:42:17
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0034
2023-06-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0594
2023-06-08 00:00:00
amazon
amazon
Medium: openssl11
2023-05-11 17:49:00
Medium: openssl
2023-06-05 16:39:00
Medium: openssl
2023-06-05 16:39:00
debian
debian
[SECURITY] [DLA 3449-1] openssl security update
2023-06-08 16:32:36
[SECURITY] [DSA 5417-1] openssl security update
2023-05-31 14:50:37
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-04-25 00:00:00
cloudfoundry
cloudfoundry
USN-6039-1: OpenSSL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
almalinux
almalinux
Moderate: openssl security and bug fix update
2023-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: openssl-3.0.9-1.fc38
2023-06-03 02:46:16
oraclelinux
oraclelinux
openssl security and bug fix update
2023-06-22 00:00:00
redhat
redhat
(RHSA-2023:3722) Moderate: openssl security and bug fix update
2023-06-21 13:52:15

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON
Related for KLA51007
openvas44nessus64mageia1prion4cvelist4freebsd4nvd4cve4debiancve4redos2vulnrichment3ubuntucve4zdi1veracode4ibm11osv12alpinelinux1githubexploit1f51cgr1cbl_mariner6broadcom1openssl1redhatcve1wolfi1malwarebytes1cloudlinux1photon2amazon3debian2ubuntu1cloudfoundry1almalinux1fedora1oraclelinux1redhat1