Oracle Vm Virtualbox vulnerabilities
408 known vulnerabilities affecting oracle/vm_virtualbox.
Total CVEs
408
CISA KEV
1
actively exploited
Public exploits
21
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH190MEDIUM163LOW50
Vulnerabilities
Page 20 of 21
CVE-2015-0418LOWCVSS 2.1≤ 3.2.24v3.2.0+57 more2015-01-21
CVE-2015-0418 [LOW] CVE-2015-0418: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
nvd
CVE-2014-6588LOWCVSS 3.2≤ 4.3.182015-01-21
CVE-2014-6588 [LOW] CVE-2014-6588: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
nvd
CVE-2014-6590LOWCVSS 3.2≤ 4.3.182015-01-21
CVE-2014-6590 [LOW] CVE-2014-6590: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
nvd
CVE-2014-6595LOWCVSS 3.2≤ 4.3.182015-01-21
CVE-2014-6595 [LOW] CVE-2014-6595: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.
nvd
CVE-2014-6540LOWCVSS 1.9≤ 4.2.24v4.2.0+35 more2014-10-15
CVE-2014-6540 [LOW] CVE-2014-6540: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.
nvd
CVE-2014-4228MEDIUMCVSS 4.4≤ 4.1.32v4.1.0+34 more2014-07-17
CVE-2014-4228 [MEDIUM] CVE-2014-4228: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
nvd
CVE-2014-4261MEDIUMCVSS 6.9≤ 4.0.24v4.0+62 more2014-07-17
CVE-2014-4261 [MEDIUM] CVE-2014-4261: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
nvd
CVE-2014-2489MEDIUMCVSS 4.1≤ 4.2.24v4.2.0+61 more2014-07-17
CVE-2014-2489 [MEDIUM] CVE-2014-2489: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
nvd
CVE-2014-2487MEDIUMCVSS 6.9≥ 3.2.0, < 3.2.24≥ 4.0, < 4.0.26+3 more2014-07-17
CVE-2014-2487 [MEDIUM] CVE-2014-2487: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.
nvd
CVE-2014-2488LOWCVSS 1.0≤ 3.2.22v3.2+61 more2014-07-17
CVE-2014-2488 [LOW] CVE-2014-2488: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.
nvd
CVE-2014-2486LOWCVSS 3.0≤ 3.2.22v3.2+61 more2014-07-17
CVE-2014-2486 [LOW] CVE-2014-2486: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2477.
nvd
CVE-2014-2477LOWCVSS 3.6PoC≤ 4.0.24v4.0+61 more2014-07-17
CVE-2014-2477 [LOW] CVE-2014-2477: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.
nvd
CVE-2014-2441MEDIUMCVSS 4.4≤ 4.1.30v4.1.0+14 more2014-04-16
CVE-2014-2441 [MEDIUM] CVE-2014-2441: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
nvd
CVE-2014-0981MEDIUMCVSS 4.4PoCv4.2.0v4.2.2+13 more2014-03-31
CVE-2014-0981 [MEDIUM] CWE-399 CVE-2014-0981: VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x befo
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK
nvd
CVE-2014-0983MEDIUMCVSS 6.9PoCv4.2.0v4.2.2+13 more2014-03-31
CVE-2014-0983 [MEDIUM] CWE-399 CVE-2014-0983: Multiple array index errors in programs that are automatically generated by VBox/HostServices/Shared
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with
nvd
CVE-2014-0407LOWCVSS 3.5≤ 4.1.28v4.1.0+47 more2014-01-15
CVE-2014-0407 [LOW] CVE-2014-0407: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.
nvd
CVE-2013-5892LOWCVSS 3.5≤ 3.2.18v3.2.0+49 more2014-01-15
CVE-2013-5892 [LOW] CVE-2013-5892: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
nvd
CVE-2014-0405LOWCVSS 3.5≤ 4.2.18v4.2.0+47 more2014-01-15
CVE-2014-0405 [LOW] CVE-2014-0405: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.
nvd
CVE-2014-0404LOWCVSS 2.4≤ 3.2.18v3.2.0+47 more2014-01-15
CVE-2014-0404 [LOW] CVE-2014-0404: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.
nvd
CVE-2014-0406LOWCVSS 2.4≤ 4.1.28v4.1.0+47 more2014-01-15
CVE-2014-0406 [LOW] CVE-2014-0406: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.
nvd