Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="f32b1fbd-264d-11ee-a468-80fa5b29d485"> |
2 |
<topic>virtualbox-ose -- multiple vulnerabilities</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>virtualbox-ose</name> |
6 |
<range><lt>6.1.46</lt></range> |
7 |
</package> |
8 |
</affects> |
9 |
<description> |
10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
11 |
<p>secalert_us@oracle.com reports:</p> |
12 |
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html"> |
13 |
<p>Vulnerability in the Oracle VM VirtualBox product of Oracle |
14 |
Virtualization (component: Core). Supported versions that are |
15 |
affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable |
16 |
vulnerability allows high privileged attacker with logon to the |
17 |
infrastructure where Oracle VM VirtualBox executes to compromise |
18 |
Oracle VM VirtualBox. Successful attacks require human interaction |
19 |
from a person other than the attacker. Successful attacks of this |
20 |
vulnerability can result in unauthorized ability to cause a hang |
21 |
or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. |
22 |
CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: |
23 |
(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).</p> |
24 |
</blockquote> |
25 |
</body> |
26 |
</description> |
27 |
<references> |
28 |
<cvename>CVE-2023-22016</cvename> |
29 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-22016</url> |
30 |
</references> |
31 |
<dates> |
32 |
<discovery>2023-07-18</discovery> |
33 |
<entry>2023-07-19</entry> |
34 |
</dates> |
35 |
</vuln> |
36 |
|
37 |
<vuln vid="cf40e8b7-264d-11ee-a468-80fa5b29d485"> |
38 |
<topic>virtualbox-ose -- multiple vulnerabilities</topic> |
39 |
<affects> |
40 |
<package> |
41 |
<name>virtualbox-ose</name> |
42 |
<range><lt>6.1.46</lt></range> |
43 |
</package> |
44 |
</affects> |
45 |
<description> |
46 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
47 |
<p>secalert_us@oracle.com reports:</p> |
48 |
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html"> |
49 |
<p>Vulnerability in the Oracle VM VirtualBox product of Oracle |
50 |
Virtualization (component: Core). Supported versions that are |
51 |
affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable |
52 |
vulnerability allows low privileged attacker with logon to the |
53 |
infrastructure where Oracle VM VirtualBox executes to compromise |
54 |
Oracle VM VirtualBox. Successful attacks of this vulnerability can |
55 |
result in unauthorized ability to cause a hang or frequently |
56 |
repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: |
57 |
This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score |
58 |
5.5 (Availability impacts). CVSS Vector: |
59 |
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</p> |
60 |
</blockquote> |
61 |
</body> |
62 |
</description> |
63 |
<references> |
64 |
<cvename>CVE-2023-22017</cvename> |
65 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-22017</url> |
66 |
</references> |
67 |
<dates> |
68 |
<discovery>2023-07-18</discovery> |
69 |
<entry>2023-07-19</entry> |
70 |
</dates> |
71 |
</vuln> |
72 |
|
73 |
<vuln vid="bc90e894-264b-11ee-a468-80fa5b29d485"> |
74 |
<topic>virtualbox-ose -- multiple vulnerabilities</topic> |
75 |
<affects> |
76 |
<package> |
77 |
<name>virtualbox-ose</name> |
78 |
<range><lt>6.1.46</lt></range> |
79 |
</package> |
80 |
</affects> |
81 |
<description> |
82 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
83 |
<p>secalert_us@oracle.com reports:</p> |
84 |
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html"> |
85 |
<p>Vulnerability in the Oracle VM VirtualBox product of Oracle |
86 |
Virtualization (component: Core). Supported versions that are |
87 |
affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to |
88 |
exploit vulnerability allows unauthenticated attacker with network |
89 |
access via RDP to compromise Oracle VM VirtualBox. Successful |
90 |
attacks of this vulnerability can result in takeover of Oracle VM |
91 |
VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity |
92 |
and Availability impacts). CVSS Vector: |
93 |
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</p> |
94 |
</blockquote> |
95 |
</body> |
96 |
</description> |
97 |
<references> |
98 |
<cvename>CVE-2023-22018</cvename> |
99 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-22018</url> |
100 |
</references> |
101 |
<dates> |
102 |
<discovery>2023-07-18</discovery> |
103 |
<entry>2023-07-19</entry> |
104 |
</dates> |
105 |
</vuln> |
106 |
|
1 |
<vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc"> |
107 |
<vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc"> |
2 |
<topic>element-web -- Cross site scripting in Export Chat feature</topic> |
108 |
<topic>element-web -- Cross site scripting in Export Chat feature</topic> |
3 |
<affects> |
109 |
<affects> |
Lines 4757-4762
Link Here
|
4757 |
<name>openssl-quic</name> |
4863 |
<name>openssl-quic</name> |
4758 |
<range><lt>3.0.8_1</lt></range> |
4864 |
<range><lt>3.0.8_1</lt></range> |
4759 |
</package> |
4865 |
</package> |
|
|
4866 |
<package> |
4867 |
<name>virtualbox-ose</name> |
4868 |
<range><lt>6.1.46</lt></range> |
4869 |
</package> |
4760 |
</affects> |
4870 |
</affects> |
4761 |
<description> |
4871 |
<description> |
4762 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
4872 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
Lines 4779-4785
Link Here
|
4779 |
<dates> |
4889 |
<dates> |
4780 |
<discovery>2023-03-23</discovery> |
4890 |
<discovery>2023-03-23</discovery> |
4781 |
<entry>2023-03-24</entry> |
4891 |
<entry>2023-03-24</entry> |
4782 |
<modified>2023-03-24</modified> |
4892 |
<modified>2023-07-19</modified> |
4783 |
</dates> |
4893 |
</dates> |
4784 |
</vuln> |
4894 |
</vuln> |
4785 |
|
4895 |
|