KLA11236
Multiple vulnerabilities in Oracle VM VirtualBox
Updated: 06/26/2019
Detect date
?
04/17/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, read and write local files.

Below is a complete list of vulnerabilities:

  1. Multiple unspecified vulnerabilities in the Core component can be exploited locally to gain privileges;
  2. An unspecified vulnerability in the Core component can be exploited remotely to cause denial of service, obtain sensitive information, read and write local files;
  3. An unspecified vulnerability in the Core component can be exploited remotely to obtain sensitive information.
Affected products

Oracle VM VirtualBox 5.1.x earlier than 5.1.36
Oracle VM VirtualBox 5.2.x earlier than 5.2.10

Solution

Update to the latest version
Download VirtualBox

Original advisories

Oracle Critical Patch Update Advisory – April 2018

Impacts
?
OSI 
[?]

WLF 
[?]

PE 
[?]

RLF 
[?]
CVE-IDS
?
CVE-2018-28354.4Warning
CVE-2018-28364.4Warning
CVE-2018-28374.4Warning
CVE-2018-07394.3Warning
CVE-2018-28424.6Warning
CVE-2018-28434.6Warning
CVE-2018-28444.6Warning
CVE-2018-28454.6Warning
CVE-2018-28604.6Warning
CVE-2018-28304.4Warning
CVE-2018-28312.1Warning