Bug ID 1089997
Summary VUL-0: virtualbox: Multiple vulnerabilities in virtualbox
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee Larry.Finger@lwfinger.net
Reporter kbabioch@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2017-3737
Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle
Virtualization (subcomponent: Core (OpenSSL)). The supported version that is
affected is 5.3. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via TLS to compromise Oracle Secure Global Desktop
(SGD). Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle Secure Global Desktop
(SGD) accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).


CVE-2017-9798
Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle
Virtualization (subcomponent: Web Server (Apache HTTP Server)). The supported
version that is affected is 5.3. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise Oracle
Secure Global Desktop (SGD). Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all Oracle
Secure Global Desktop (SGD) accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).


CVE-2018-0739
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core (OpenSSL)). Supported versions that are affected are Prior
to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows
unauthenticated attacker with network access via TLS to compromise Oracle VM
VirtualBox. Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of Oracle VM VirtualBox.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).


CVE-2018-2830
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. Successful attacks require human
interaction from a person other than the attacker and while the vulnerability
is in Oracle VM VirtualBox, attacks may significantly impact additional
products. Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).


CVE-2018-2831
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products. Successful
attacks of this vulnerability can result in unauthorized read access to a
subset of Oracle VM VirtualBox accessible data.

CVSS v3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).


CVE-2018-2835
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. Successful attacks require human
interaction from a person other than the attacker and while the vulnerability
is in Oracle VM VirtualBox, attacks may significantly impact additional
products. Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).


CVE-2018-2836
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. Successful attacks require human
interaction from a person other than the attacker and while the vulnerability
is in Oracle VM VirtualBox, attacks may significantly impact additional
products. Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).


CVE-2018-2837
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. Successful attacks require human
interaction from a person other than the attacker and while the vulnerability
is in Oracle VM VirtualBox, attacks may significantly impact additional
products. Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).


CVE-2018-2842
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products. Successful
attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).


CVE-2018-2843
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products. Successful
attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).


CVE-2018-2844
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products. Successful
attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).


CVE-2018-2845
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
insert or delete access to some of Oracle VM VirtualBox accessible data and
unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS v3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).


CVE-2018-2860
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization
(subcomponent: Core). Supported versions that are affected are Prior to 5.1.36
and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products. Successful
attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS v3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).



References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html

