Debian Virtualbox vulnerabilities
396 known vulnerabilities affecting debian/virtualbox.
Total CVEs: 396
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 191, MEDIUM 149, LOW 53
Vulnerabilities
Page 19 of 20
CVE-2016-0495 | MEDIUM | CVSS 4.3 | fixed in virtualbox 5.0.14-dfsg-1 (sid) | 2016
CVE-2016-0495 [MEDIUM] CVE-2016-0495: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 5.0.14-dfsg-1)
debian
CVE-2016-0592 | LOW | CVSS 2.1 | fixed in virtualbox 5.0.14-dfsg-1 (sid) | 2016
CVE-2016-0592 [LOW] CVE-2016-0592: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 5.0.14-dfsg-1)
debian
CVE-2016-0602 | LOW | CVSS 6.2 | 2016
CVE-2016-0602 [MEDIUM] CVE-2016-0602: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an unt
debian
CVE-2015-8104 | CRITICAL | CVSS 10.0 | fixed in linux 4.2.6-2 (bookworm) | 2015
CVE-2015-8104 [CRITICAL] CVE-2015-8104: linux - The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x...
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
Scope: local
bookworm: resolved (fixed in 4.2.6-2)
bullseye: resolved (fixed in 4.2.6-2)
forky: resolved (fixed in 4.2.6-2)
sid: resolved (fixed i
debian
CVE-2015-3456 | HIGH | CVSS 7.7 | PoC | fixed in qemu 1:2.3+dfsg-3 (bookworm) | 2015
CVE-2015-3456 [HIGH] CVE-2015-3456: qemu - The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and K...
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Scope: local
bookworm: resolved (fixed in 1:2.3+dfsg
debian
CVE-2015-7183 | HIGH | CVSS 7.5 | fixed in nspr 2:4.10.10-1 (bookworm) | 2015
CVE-2015-7183 [HIGH] CVE-2015-7183: nspr - Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Ru...
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati
debian
CVE-2015-0377 | MEDIUM | CVSS 4.4 | fixed in virtualbox 4.3.2-dfsg-1 (sid) | 2015
CVE-2015-0377 [MEDIUM] CVE-2015-0377: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.
Scope: local
sid: resolved (fixed in 4.3.2-dfsg-1)
debian
CVE-2015-5307 | MEDIUM | CVSS 4.9 | fixed in linux 4.2.6-1 (bookworm) | 2015
CVE-2015-5307 [MEDIUM] CVE-2015-5307: linux - The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x...
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
Scope: local
bookworm: resolved (fixed in 4.2.6-1)
bullseye: resolved (fixed in 4.2.6-1)
forky: resolved (fixed in 4.2.6-1)
sid:
debian
CVE-2015-4856 | MEDIUM | CVSS 4.9 | fixed in virtualbox 5.0.0-dfsg-1 (sid) | 2015
CVE-2015-4856 [MEDIUM] CVE-2015-4856: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 5.0.0-dfsg-1)
debian
CVE-2015-2594 | MEDIUM | CVSS 6.6 | fixed in virtualbox 4.3.30-dfsg-1 (sid) | 2015
CVE-2015-2594 [MEDIUM] CVE-2015-2594: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 4.3.30-dfsg-1)
debian
CVE-2015-4896 | MEDIUM | CVSS 5.0 | fixed in virtualbox 5.0.8-dfsg-1 (sid) | 2015
CVE-2015-4896 [MEDIUM] CVE-2015-4896: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 5.0.8-dfsg-1)
debian
CVE-2015-4813 | LOW | CVSS 2.1 | fixed in virtualbox 5.0.8-dfsg-1 (sid) | 2015
CVE-2015-4813 [LOW] CVE-2015-4813: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 5.0.8-dfsg-1)
debian
CVE-2015-0418 | LOW | CVSS 4.4 | fixed in virtualbox 4.3.2-dfsg-1 (sid) | 2015
CVE-2015-0418 [MEDIUM] CVE-2015-0418: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
Scope: local
sid: resolved (fixed in 4.3.2-dfsg-1)
debian
CVE-2015-0427 | LOW | CVSS 3.2 | fixed in virtualbox 4.3.18-dfsg-2 (sid) | 2015
CVE-2015-0427 [LOW] CVE-2015-0427: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.
Scope: local
sid: resolved (fixed in 4.3.18-df
debian
CVE-2014-2489 | MEDIUM | CVSS 4.1 | fixed in virtualbox 4.3.12-dfsg-1 (sid) | 2014
CVE-2014-2489 [MEDIUM] CVE-2014-2489: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
Scope: local
sid: resolved (fixed in 4.3.12-dfsg-1)
debian
CVE-2014-0981 | MEDIUM | CVSS 4.4 | PoC | fixed in virtualbox 4.3.10-dfsg-1 (sid) | 2014
CVE-2014-0981 [MEDIUM] CVE-2014-0981: virtualbox - VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x befor...
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to
debian
CVE-2014-0983 | MEDIUM | CVSS 6.9 | PoC | fixed in virtualbox 4.3.10-dfsg-1 (sid) | 2014
CVE-2014-0983 [MEDIUM] CVE-2014-0983: virtualbox - Multiple array index errors in programs that are automatically generated by VBox...
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted in
debian
CVE-2014-4228 | MEDIUM | CVSS 4.4 | fixed in virtualbox 4.3.12-dfsg-1 (sid) | 2014
CVE-2014-4228 [MEDIUM] CVE-2014-4228: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
Scope: local
sid: resolved (fixed in 4.3.12-dfsg-1)
debian
CVE-2014-2486 | LOW | CVSS 3.6 | fixed in virtualbox 4.3.12-dfsg-1 (sid) | 2014
CVE-2014-2486 [LOW] CVE-2014-2486: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2477.
Scope: local
sid: resolved (fixed in 4.3.12-dfsg-1)
debian
CVE-2014-0404 | LOW | CVSS 2.4 | fixed in virtualbox 4.3.6-dfsg-1 (sid) | 2014
CVE-2014-0404 [LOW] CVE-2014-0404: virtualbox - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.
Scope: local
sid: resolved (fixed in 4.3.6-dfsg-1)
debian