git: 7be06437cf4d - main - security/vuxml: Document vulnerabilities in emulators/virtualbox-ose*
Date: Thu, 20 Jul 2023 06:41:35 UTC
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=7be06437cf4dde2f4e096c225bebe415225f64ab commit 7be06437cf4dde2f4e096c225bebe415225f64ab Author: Patrick R Groeneveld <groenveld@acm.org> AuthorDate: 2023-07-20 06:40:26 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-07-20 06:40:26 +0000 security/vuxml: Document vulnerabilities in emulators/virtualbox-ose* ChangeLog: https://www.oracle.com/security-alerts/ PR: 271141 Reported by: grahamperrin@freebsd.org --- security/vuxml/vuln/2023.xml | 112 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 111 insertions(+), 1 deletion(-)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 432b181ed6d3..3f3efe62dd05 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,109 @@
+ <vuln vid="f32b1fbd-264d-11ee-a468-80fa5b29d485">
+ <topic>virtualbox-ose -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>virtualbox-ose</name>
+ <range><lt>6.1.46</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secalert_us@oracle.com reports:</p>
+ <blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">
+ <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
+ Virtualization (component: Core). Supported versions that are
+ affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable
+ vulnerability allows high privileged attacker with logon to the
+ infrastructure where Oracle VM VirtualBox executes to compromise
+ Oracle VM VirtualBox. Successful attacks require human interaction
+ from a person other than the attacker. Successful attacks of this
+ vulnerability can result in unauthorized ability to cause a hang
+ or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.
+ CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector:
+ (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-22016</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22016</url>
+ </references>
+ <dates>
+ <discovery>2023-07-18</discovery>
+ <entry>2023-07-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cf40e8b7-264d-11ee-a468-80fa5b29d485">
+ <topic>virtualbox-ose -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>virtualbox-ose</name>
+ <range><lt>6.1.46</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secalert_us@oracle.com reports:</p>
+ <blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">
+ <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
+ Virtualization (component: Core). Supported versions that are
+ affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable
+ vulnerability allows low privileged attacker with logon to the
+ infrastructure where Oracle VM VirtualBox executes to compromise
+ Oracle VM VirtualBox. Successful attacks of this vulnerability can
+ result in unauthorized ability to cause a hang or frequently
+ repeatable crash (complete DOS) of Oracle VM VirtualBox. Note:
+ This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score
+ 5.5 (Availability impacts). CVSS Vector:
+ (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-22017</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22017</url>
+ </references>
+ <dates>
+ <discovery>2023-07-18</discovery>
+ <entry>2023-07-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bc90e894-264b-11ee-a468-80fa5b29d485">
+ <topic>virtualbox-ose -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>virtualbox-ose</name>
+ <range><lt>6.1.46</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secalert_us@oracle.com reports:</p>
+ <blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">
+ <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
+ Virtualization (component: Core). Supported versions that are
+ affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to
+ exploit vulnerability allows unauthenticated attacker with network
+ access via RDP to compromise Oracle VM VirtualBox. Successful
+ attacks of this vulnerability can result in takeover of Oracle VM
+ VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity
+ and Availability impacts). CVSS Vector:
+ (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-22018</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22018</url>
+ </references>
+ <dates>
+ <discovery>2023-07-18</discovery>
+ <entry>2023-07-19</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc">
 <topic>element-web -- Cross site scripting in Export Chat feature</topic>
 <affects>
@@ -4757,6 +4863,10 @@
 <name>openssl-quic</name>
 <range><lt>3.0.8_1</lt></range>
 </package>
+ <package>
+ <name>virtualbox-ose</name>
+ <range><lt>6.1.46</lt></range>
+ </package>
 </affects>
 <description>
 <body xmlns="http://www.w3.org/1999/xhtml">
@@ -4779,7 +4889,7 @@
 <dates>
 <discovery>2023-03-23</discovery>
 <entry>2023-03-24</entry>
- <modified>2023-03-24</modified>
+ <modified>2023-07-19</modified>
 </dates>
 </vuln>
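Review bot: All three new entries in the first hunk match only the exact package name `virtualbox-ose` with `<range><lt>6.1.46</lt></range>`, although the commit subject speaks of `emulators/virtualbox-ose*` and the quoted advisory also lists the 7.0 line as affected before 7.0.10. If sibling packages built from the same sources exist under other names, or a 7.0.x package is shipped, an audit against this file would presumably not flag them; each would need its own `<package>` block, and a 7.0 package a bounded range such as `<range><ge>7.0</ge><lt>7.0.10</lt></range>`. The same applies to the `<package>` block added in the second hunk, whose enclosing entry starts and ends outside the hunk. Separately, each new entry carries the topic `virtualbox-ose -- multiple vulnerabilities` but documents a single CVE, so the three read identically in audit output; a topic naming the impact (denial of service for the first two, takeover via RDP for the third) would make triage easier.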