SB2020041449 - Multiple vulnerabilities in Oracle VM VirtualBox
Published: April 14, 2020 Updated: May 4, 2020
Description
This security bulletin contains information about 20 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2020-2902)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
2) Improper input validation (CVE-ID: CVE-2020-2913)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
3) Improper input validation (CVE-ID: CVE-2020-2909)
The vulnerability allows a local authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to perform service disruption.
4) Improper input validation (CVE-ID: CVE-2020-2748)
The vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
5) Improper input validation (CVE-ID: CVE-2020-2743)
The vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
6) Improper input validation (CVE-ID: CVE-2020-2741)
The vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
7) Improper input validation (CVE-ID: CVE-2020-2951)
The vulnerability allows a local authenticated user to crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to crash the entire system.
8) Improper input validation (CVE-ID: CVE-2020-2910)
The vulnerability allows a local authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to manipulate data.
9) Improper input validation (CVE-ID: CVE-2020-2914)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
10) Improper input validation (CVE-ID: CVE-2020-2958)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
11) Improper input validation (CVE-ID: CVE-2020-2959)
The vulnerability allows a remote non-authenticated attacker to crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A remote non-authenticated attacker can exploit this vulnerability to crash the entire system.
12) Improper input validation (CVE-ID: CVE-2020-2907)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
13) Improper input validation (CVE-ID: CVE-2020-2911)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
14) Improper input validation (CVE-ID: CVE-2020-2929)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
15) Improper input validation (CVE-ID: CVE-2020-2894)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2020-2758)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
17) Improper input validation (CVE-ID: CVE-2020-2908)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
18) Improper input validation (CVE-ID: CVE-2020-2905)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
19) Improper input validation (CVE-ID: CVE-2020-2742)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
20) Use of Uninitialized Variable (CVE-ID: CVE-2020-2575)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists within the processing of data sent to OHCI endpoints due to the lack of proper initialization of memory prior to accessing it. A local user can gain elevated privileges on the target system and execute arbitrary code.
Remediation
Install the update from the vendor's website.