Описание
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to to cause a denial of service, read and write accesible data and possibly to obtain sensitive information.
Below is a complete list of vulnerabilities:
- Multiple unspecified vulnerabilities in subcomponent Core of Oracle Virtualization component can be exploited remotely possibly to obtain sensitive information;
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash), write to some of Oracle VM VirtualBox accessible data;
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a partial denial of service, read a subset of Oracle VM VirtualBox accessible data;
- Multiple unspecified vulnerabilities in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash), write to some of Oracle VM VirtualBox accessible data and read a subset of Oracle VM VirtualBox accessible data;
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash), write to some of Oracle VM VirtualBox accessible data;
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a partial denial of service, write to some of Oracle VM VirtualBox accessible data;
Technical details
Vulnerabilities (1)-(3) can be exploited by a low privileged user with logon to the infrastructure where OracleVM VirtualBox is executed.
Vulnerabilities (4)-(6) can be exploited by a high privileged user with logon to the infrastructure where OracleVM VirtualBox is executed.
NB: These vulnerabilities do not have any public CVSS rating so rating can be changed by the time.
NB: At this moment Oracle has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Первичный источник обнаружения
Эксплуатация
Public exploits exist for this vulnerability.
Связанные продукты
Список CVE
- CVE-2017-10204 warning
- CVE-2017-10129 warning
- CVE-2017-10210 warning
- CVE-2017-10233 warning
- CVE-2017-10236 warning
- CVE-2017-10237 warning
- CVE-2017-10238 warning
- CVE-2017-10239 warning
- CVE-2017-10240 warning
- CVE-2017-10241 warning
- CVE-2017-10242 warning
- CVE-2017-10235 warning
- CVE-2017-10209 warning
- CVE-2017-10187 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com