The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle VirtualBox

security alert CVE-2019-1563

OpenSSL: information disclosure via PKCS7/CMS Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PKCS7/CMS Padding Oracle of OpenSSL, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/09/2019.
Identifiers: CERTFR-2019-AVI-444, cpuoct2019, CVE-2019-1563, DLA-1932-1, DSA-4539-1, DSA-4539-2, DSA-4539-3, DSA-4540-1, NTAP-20190919-0002, openSUSE-SU-2019:2158-1, openSUSE-SU-2019:2189-1, openSUSE-SU-2019:2268-1, openSUSE-SU-2019:2269-1, SSA:2019-254-03, STORM-2019-018, SUSE-SU-2019:14171-1, SUSE-SU-2019:14174-1, SUSE-SU-2019:2397-1, SUSE-SU-2019:2403-1, SUSE-SU-2019:2410-1, SUSE-SU-2019:2413-1, SUSE-SU-2019:2504-1, SUSE-SU-2019:2558-1, SUSE-SU-2019:2561-1, VIGILANCE-VUL-30293.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via PKCS7/CMS Padding Oracle of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-1549

OpenSSL: information disclosure via Fork Protection Low Random

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Fork Protection Low Random of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 11/09/2019.
Identifiers: CERTFR-2019-AVI-444, cpuoct2019, CVE-2019-1549, DSA-4539-1, DSA-4539-2, DSA-4539-3, NTAP-20190919-0002, VIGILANCE-VUL-30292.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Fork Protection Low Random of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2019-1547

OpenSSL: information disclosure via ECDSA Falls Back

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Falls Back of OpenSSL, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/09/2019.
Identifiers: CERTFR-2019-AVI-444, cpuoct2019, CVE-2019-1547, DLA-1932-1, DSA-4539-1, DSA-4539-2, DSA-4539-3, DSA-4540-1, NTAP-20190919-0002, openSUSE-SU-2019:2158-1, openSUSE-SU-2019:2189-1, openSUSE-SU-2019:2268-1, openSUSE-SU-2019:2269-1, SSA:2019-254-03, SUSE-SU-2019:14171-1, SUSE-SU-2019:14174-1, SUSE-SU-2019:2397-1, SUSE-SU-2019:2403-1, SUSE-SU-2019:2410-1, SUSE-SU-2019:2413-1, SUSE-SU-2019:2504-1, SUSE-SU-2019:2558-1, SUSE-SU-2019:2561-1, VIGILANCE-VUL-30291.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Falls Back of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-1552

OpenSSL Windows: privilege escalation via OPENSSLDIR

Synthesis of the vulnerability

An attacker can bypass restrictions via OPENSSLDIR of OpenSSL Windows, in order to escalate his privileges.
Severity: 2/4.
Creation date: 31/07/2019.
Identifiers: CERTFR-2019-AVI-362, cpuoct2019, CVE-2019-1552, FEDORA-2019-00c25b9379, VIGILANCE-VUL-29914.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via OPENSSLDIR of OpenSSL Windows, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2019-2574 CVE-2019-2656 CVE-2019-2657

Oracle VM VirtualBox: vulnerabilities of April 2019

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 17/04/2019.
Revisions dates: 18/04/2019, 25/04/2019, 30/04/2019.
Identifiers: 1811, CERTFR-2019-AVI-177, cpuapr2019, CVE-2019-2574, CVE-2019-2656, CVE-2019-2657, CVE-2019-2678, CVE-2019-2679, CVE-2019-2680, CVE-2019-2690, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, openSUSE-SU-2019:1814-1, VIGILANCE-VUL-29052, ZDI-19-376, ZDI-19-377, ZDI-19-378, ZDI-19-379, ZDI-19-380, ZDI-19-381, ZDI-19-382, ZDI-19-383, ZDI-19-384, ZDI-19-385, ZDI-19-386, ZDI-19-387, ZDI-19-388, ZDI-19-389, ZDI-19-390, ZDI-19-391, ZDI-19-392, ZDI-19-393, ZDI-19-394, ZDI-19-395, ZDI-19-396, ZDI-19-397, ZDI-19-398, ZDI-19-423, ZDI-19-424, ZDI-19-425.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2017-10129 CVE-2017-10187 CVE-2017-10204

Oracle VM VirtualBox: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 19/07/2017.
Revision date: 24/04/2019.
Identifiers: 1257, 1296, CERTFR-2017-AVI-225, CERTFR-2017-AVI-231, cpujul2017, CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, VIGILANCE-VUL-23291.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-1543

OpenSSL: information disclosure via ChaCha20-Poly1305 Long Nonces

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ChaCha20-Poly1305 Long Nonces of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 06/03/2019.
Identifiers: cpujul2019, CVE-2019-1543, DSA-4475-1, ibm10967487, openSUSE-SU-2019:1147-1, openSUSE-SU-2019:1814-1, RHSA-2019:3700-01, SUSE-SU-2019:0678-1, SUSE-SU-2019:0787-1, VIGILANCE-VUL-28682.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via ChaCha20-Poly1305 Long Nonces of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2018-3309 CVE-2019-2446 CVE-2019-2448

Oracle VM VirtualBox: vulnerabilities of January 2019

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 27.
Creation date: 16/01/2019.
Identifiers: CERTFR-2019-AVI-024, cpujan2019, CVE-2018-3309, CVE-2019-2446, CVE-2019-2448, CVE-2019-2450, CVE-2019-2451, CVE-2019-2500, CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, CVE-2019-2508, CVE-2019-2509, CVE-2019-2511, CVE-2019-2520, CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2524, CVE-2019-2525, CVE-2019-2526, CVE-2019-2527, CVE-2019-2548, CVE-2019-2552, CVE-2019-2553, CVE-2019-2554, CVE-2019-2555, CVE-2019-2556, FG-VD-18-162, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, VIGILANCE-VUL-28293, ZDI-19-034, ZDI-19-035, ZDI-19-036, ZDI-19-037, ZDI-19-038, ZDI-19-040, ZDI-19-041, ZDI-19-042, ZDI-19-043, ZDI-19-044, ZDI-19-045, ZDI-19-046, ZDI-19-047, ZDI-19-048, ZDI-19-049, ZDI-19-050, ZDI-19-051, ZDI-19-052, ZDI-19-053.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin 27725

VirtualBox: privilege escalation via DevE1000-e1kXmitPending

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via DevE1000::e1kXmitPending() of VirtualBox, in order to escalate his privileges on the host system.
Severity: 2/4.
Creation date: 08/11/2018.
Identifiers: 12, openSUSE-SU-2018:3876-1, VIGILANCE-VUL-27725.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via DevE1000::e1kXmitPending() of VirtualBox, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-2909 CVE-2018-3287 CVE-2018-3288

Oracle VM VirtualBox: vulnerabilities of October 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 13.
Creation date: 17/10/2018.
Identifiers: CERTFR-2018-AVI-497, cpuoct2018, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298, openSUSE-SU-2019:1814-1, VIGILANCE-VUL-27512, ZDI-18-1264, ZDI-18-1265, ZDI-18-1266, ZDI-18-1267, ZDI-18-1268, ZDI-18-1269, ZDI-18-1270, ZDI-18-1271, ZDI-18-1272, ZDI-18-1274, ZDI-18-1275, ZDI-18-1276, ZDI-18-1277, ZDI-18-1278, ZDI-18-1292, ZDI-18-1447, ZDI-18-1448, ZDI-18-1449.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle VirtualBox: