CVE-2018-2693 — Corporation VM Virtualbox vulnerability

7 documents6 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 75.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation VM Virtualbox Oracle VM Virtualbox

Timeline

PublishedJan 18

Latest updateMay 13

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attac…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶NVDoracle/vm_virtualbox5.1.0 — 5.1.32+1

▶CVEListV5oracle_corporation/vm_virtualboxunspecified — 5.1.32+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mhjv-4vxr-35qg: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions)↗2022-05-13

▶

CVEList

CVE-2018-2693: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions)↗2018-01-18

▶

OSV

CVE-2018-2693: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions)↗2018-01-18

▶

📋Vendor Advisories

Debian

CVE-2018-2693: virtualbox-guest-additions-iso - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (su...↗2018

▶

💬Community

Bugzilla

CVE-2018-12377 Mozilla: Use-after-free in driver timers↗2018-09-05

▶

Bugzilla

CVE-2018-12378 Mozilla: Use-after-free in IndexedDB↗2018-09-05

▶