Multiple vulnerabilities in Oracle VirtualBox

Description

Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Code execution vulnerability in Core can be exploited to execute arbitrary code and obtain sensitive information.
2. Code execution vulnerability in Core can be exploited to execute arbitrary code and obtain sensitive information and cause denial of service.
3. Information disclosure vulnerability in Core can be exploited to obtain sensitive information.
4. Information disclosure vulnerability in curl can be exploited to obtain sensitive information.

Original advisories

• Oracle Critical Patch Update Advisory – April 2023

Exploitation

Public exploits exist for this vulnerability.

Related products

• Oracle-VirtualBox

CVE list

• CVE-2022-42916
  critical
• CVE-2023-22001
  warning
• CVE-2023-21987
  critical
• CVE-2023-21999
  warning
• CVE-2023-22002
  high
• CVE-2023-21988
  warning
• CVE-2023-22000
  warning
• CVE-2023-21990
  critical
• CVE-2023-21989
  high
• CVE-2023-21998
  warning
• CVE-2023-21991
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com