rpm package

opensuse/virtualbox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/virtualbox&distro=openSUSE%20Tumbleweed

Vulnerabilities (87)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-0732		—	< 6.1.26-3.2	6.1.26-3.2	Jun 12, 2018	During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client
CVE-2018-2842		—	< 6.1.26-3.2	6.1.26-3.2	Apr 19, 2018	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
CVE-2018-0739		—	< 6.1.26-3.2	6.1.26-3.2	Mar 27, 2018	Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u
CVE-2018-2694		—	< 6.1.26-3.2	6.1.26-3.2	Jan 18, 2018	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where O
CVE-2018-2689		—	< 6.1.26-3.2	6.1.26-3.2	Jan 18, 2018	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where
CVE-2017-10392	Hig	7.3	< 6.1.26-3.2	6.1.26-3.2	Oct 19, 2017	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualB
CVE-2017-3561	Hig	8.8	< 6.1.26-3.2	6.1.26-3.2	Apr 24, 2017	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure wher
CVE-2017-3559	Hig	7.9	< 6.1.26-3.2	6.1.26-3.2	Apr 24, 2017	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure wher
CVE-2017-3316	Hig	8.4	< 6.1.26-3.2	6.1.26-3.2	Jan 27, 2017	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via mult
CVE-2016-5611	Med	4.3	< 5.1.10-2.5	5.1.10-2.5	Oct 25, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
CVE-2016-5610	Med	6.8	< 5.1.10-2.5	5.1.10-2.5	Oct 25, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2016-5608	Med	5.5	< 5.1.10-2.5	5.1.10-2.5	Oct 25, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
CVE-2016-5605	Cri	9.1	< 5.1.10-2.5	5.1.10-2.5	Oct 25, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.
CVE-2016-5538	Med	6.7	< 5.1.10-2.5	5.1.10-2.5	Oct 25, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.
CVE-2016-5501	Hig	7.8	< 5.1.10-2.5	5.1.10-2.5	Oct 25, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
CVE-2016-0678	Med	6.7	< 5.1.10-2.5	5.1.10-2.5	Apr 21, 2016	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2015-4896		—	< 5.1.10-2.5	5.1.10-2.5	Oct 21, 2015	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related
CVE-2015-4813		—	< 5.1.10-2.5	5.1.10-2.5	Oct 21, 2015	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
CVE-2015-3456		—	< 5.1.10-2.5	5.1.10-2.5	May 13, 2015	The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
CVE-2015-0427		—	< 5.1.10-2.5	5.1.10-2.5	Jan 21, 2015	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-201

CVE-2018-0732Jun 12, 2018
affected < 6.1.26-3.2fixed 6.1.26-3.2
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client
CVE-2018-2842Apr 19, 2018
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
CVE-2018-0739Mar 27, 2018
affected < 6.1.26-3.2fixed 6.1.26-3.2
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u
CVE-2018-2694Jan 18, 2018
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where O
CVE-2018-2689Jan 18, 2018
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where
CVE-2017-10392HigOct 19, 2017
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualB
CVE-2017-3561HigApr 24, 2017
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure wher
CVE-2017-3559HigApr 24, 2017
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure wher
CVE-2017-3316HigJan 27, 2017
affected < 6.1.26-3.2fixed 6.1.26-3.2
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via mult
CVE-2016-5611MedOct 25, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
CVE-2016-5610MedOct 25, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2016-5608MedOct 25, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
CVE-2016-5605CriOct 25, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.
CVE-2016-5538MedOct 25, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.
CVE-2016-5501HigOct 25, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
CVE-2016-0678MedApr 21, 2016
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2015-4896Oct 21, 2015
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related
CVE-2015-4813Oct 21, 2015
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
CVE-2015-3456May 13, 2015
affected < 5.1.10-2.5fixed 5.1.10-2.5
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
CVE-2015-0427Jan 21, 2015
affected < 5.1.10-2.5fixed 5.1.10-2.5
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-201

Page 4 of 5