The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle VirtualBox

vulnerability announce CVE-2019-2574 CVE-2019-2656 CVE-2019-2657

Oracle VM VirtualBox: vulnerabilities of April 2019

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 12.
Creation date: 17/04/2019.
Revision dates: 18/04/2019, 25/04/2019, 30/04/2019.
Identifiers: 1811, CERTFR-2019-AVI-177, cpuapr2019, CVE-2019-2574, CVE-2019-2656, CVE-2019-2657, CVE-2019-2678, CVE-2019-2679, CVE-2019-2680, CVE-2019-2690, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, openSUSE-SU-2019:1814-1, VIGILANCE-VUL-29052, ZDI-19-376, ZDI-19-377, ZDI-19-378, ZDI-19-379, ZDI-19-380, ZDI-19-381, ZDI-19-382, ZDI-19-383, ZDI-19-384, ZDI-19-385, ZDI-19-386, ZDI-19-387, ZDI-19-388, ZDI-19-389, ZDI-19-390, ZDI-19-391, ZDI-19-392, ZDI-19-393, ZDI-19-394, ZDI-19-395, ZDI-19-396, ZDI-19-397, ZDI-19-398, ZDI-19-423, ZDI-19-424, ZDI-19-425.


vulnerability alert CVE-2017-10129 CVE-2017-10187 CVE-2017-10204

Oracle VM VirtualBox: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Impacted products: VirtualBox.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 14.
Creation date: 19/07/2017.
Revision date: 24/04/2019.
Identifiers: 1257, 1296, CERTFR-2017-AVI-225, CERTFR-2017-AVI-231, cpujul2017, CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, VIGILANCE-VUL-23291.


vulnerability announce CVE-2019-1543

OpenSSL: information disclosure via ChaCha20-Poly1305 Long Nonces

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ChaCha20-Poly1305 Long Nonces of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, IBM i, OpenSSL, openSUSE Leap, VirtualBox, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 06/03/2019.
Identifiers: cpujul2019, CVE-2019-1543, DSA-4475-1, ibm10967487, openSUSE-SU-2019:1147-1, openSUSE-SU-2019:1814-1, SUSE-SU-2019:0678-1, SUSE-SU-2019:0787-1, VIGILANCE-VUL-28682.


computer vulnerability 27725

VirtualBox: privilege escalation via DevE1000-e1kXmitPending

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via DevE1000::e1kXmitPending() of VirtualBox, in order to escalate their privileges on the host system.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/11/2018.
Identifiers: 12, openSUSE-SU-2018:3876-1, VIGILANCE-VUL-27725.


vulnerability announce CVE-2018-2909 CVE-2018-3287 CVE-2018-3288

Oracle VM VirtualBox: vulnerabilities of October 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 13.
Creation date: 17/10/2018.
Identifiers: CERTFR-2018-AVI-497, cpuoct2018, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298, openSUSE-SU-2019:1814-1, VIGILANCE-VUL-27512, ZDI-18-1264, ZDI-18-1265, ZDI-18-1266, ZDI-18-1267, ZDI-18-1268, ZDI-18-1269, ZDI-18-1270, ZDI-18-1271, ZDI-18-1272, ZDI-18-1274, ZDI-18-1275, ZDI-18-1276, ZDI-18-1277, ZDI-18-1278, ZDI-18-1292, ZDI-18-1447, ZDI-18-1448, ZDI-18-1449.


vulnerability CVE-2018-3005 CVE-2018-3055 CVE-2018-3085

Oracle VM VirtualBox: vulnerabilities of July 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 18/07/2018.
Identifiers: CERTFR-2018-AVI-351, cpujul2018, CVE-2018-3005, CVE-2018-3055, CVE-2018-3085, CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090, CVE-2018-3091, openSUSE-SU-2018:2295-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-26770, ZDI-18-684, ZDI-18-685, ZDI-18-686, ZDI-18-687, ZDI-18-688, ZDI-18-689, ZDI-18-690, ZDI-18-691.


computer vulnerability CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, AIX, IBM i, Rational ClearCase, QRadar SIEM, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.


vulnerability announce CVE-2018-2830 CVE-2018-2831 CVE-2018-2835

Oracle VM VirtualBox: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 18/04/2018.
Identifiers: CERTFR-2018-AVI-190, cpuapr2018, CVE-2018-2830, CVE-2018-2831, CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842, CVE-2018-2843, CVE-2018-2844, CVE-2018-2845, CVE-2018-2860, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-25902, ZDI-18-302, ZDI-18-303, ZDI-18-304, ZDI-18-305.


vulnerability note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, AIX, BladeCenter, IBM i, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.


computer vulnerability CVE-2018-2676 CVE-2018-2685 CVE-2018-2686

Oracle VM VirtualBox: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 10.
Creation date: 17/01/2018.
Revision dates: 19/01/2018, 25/01/2018.
Identifiers: CERTFR-2018-AVI-039, cpujan2018, CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698, openSUSE-SU-2018:0187-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-25085, WLB-2018010260, ZDI-18-117, ZDI-18-118, ZDI-18-119, ZDI-18-120, ZDI-18-121, ZDI-18-122.
