The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle VirtualBox

vulnerability alert CVE-2017-10129 CVE-2017-10187 CVE-2017-10204

Oracle VM VirtualBox: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Impacted products: VirtualBox.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 14.
Creation date: 19/07/2017.
Revision date: 24/04/2019.
Identifiers: 1257, 1296, CERTFR-2017-AVI-225, CERTFR-2017-AVI-231, cpujul2017, CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, VIGILANCE-VUL-23291.

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 27725

VirtualBox: privilege escalation via DevE1000-e1kXmitPending

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via DevE1000::e1kXmitPending() of VirtualBox, in order to escalate his privileges on the host system.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/11/2018.
Identifiers: 12, openSUSE-SU-2018:3876-1, VIGILANCE-VUL-27725.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via DevE1000::e1kXmitPending() of VirtualBox, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-3005 CVE-2018-3055 CVE-2018-3085

Oracle VM VirtualBox: vulnerabilities of July 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 18/07/2018.
Identifiers: CERTFR-2018-AVI-351, cpujul2018, CVE-2018-3005, CVE-2018-3055, CVE-2018-3085, CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090, CVE-2018-3091, openSUSE-SU-2018:2295-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-26770, ZDI-18-684, ZDI-18-685, ZDI-18-686, ZDI-18-687, ZDI-18-688, ZDI-18-689, ZDI-18-690, ZDI-18-691.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, AIX, IBM i, Rational ClearCase, QRadar SIEM, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-2830 CVE-2018-2831 CVE-2018-2835

Oracle VM VirtualBox: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 18/04/2018.
Identifiers: CERTFR-2018-AVI-190, cpuapr2018, CVE-2018-2830, CVE-2018-2831, CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842, CVE-2018-2843, CVE-2018-2844, CVE-2018-2845, CVE-2018-2860, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-25902, ZDI-18-302, ZDI-18-303, ZDI-18-304, ZDI-18-305.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, AIX, BladeCenter, IBM i, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.

Description of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-2676 CVE-2018-2685 CVE-2018-2686

Oracle VM VirtualBox: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 10.
Creation date: 17/01/2018.
Revisions dates: 19/01/2018, 25/01/2018.
Identifiers: CERTFR-2018-AVI-039, cpujan2018, CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698, openSUSE-SU-2018:0187-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-25085, WLB-2018010260, ZDI-18-117, ZDI-18-118, ZDI-18-119, ZDI-18-120, ZDI-18-121, ZDI-18-122.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-3738

OpenSSL: information disclosure via rsaz_1024_mul_avx2

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-155, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3738, DSA-4065-1, DSA-4157-1, FEDORA-2017-e6be32cb7a, FreeBSD-SA-17:12.openssl, ibm10716907, ibm10717405, ibm10717409, ibm10719113, JSA10851, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, SA159, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24698.

Description of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3737

OpenSSL: information disclosure via SSL_read/SSL_write After Error

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, FreeBSD, hMailServer, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, SIMATIC, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-376, cpuapr2018, cpujan2018, cpujul2018, CVE-2017-3737, DSA-4065-1, FreeBSD-SA-17:12.openssl, ibm10715641, ibm10716907, ibm10717405, ibm10717409, ibm10719113, ibm10738249, JSA10851, JSA10873, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0223-1, openSUSE-SU-2018:1057-1, RHSA-2018:0998-01, SA159, SSA-179516, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24697.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-10392 CVE-2017-10407 CVE-2017-10408

Oracle VM VirtualBox: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, user access/rights, data reading, denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-368, cpuoct2017, CVE-2017-10392, CVE-2017-10407, CVE-2017-10408, CVE-2017-10428, openSUSE-SU-2017:2975-1, VIGILANCE-VUL-24165.

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle VirtualBox: