|
Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="f32b1fbd-264d-11ee-a468-80fa5b29d485"> |
| 2 |
<topic>virtualbox-ose -- multiple vulnerabilities</topic> |
| 3 |
<affects> |
| 4 |
<package> |
| 5 |
<name>virtualbox-ose</name> |
| 6 |
<range><lt>6.1.46</lt></range> |
| 7 |
</package> |
| 8 |
</affects> |
| 9 |
<description> |
| 10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 11 |
<p>secalert_us@oracle.com reports:</p> |
| 12 |
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html"> |
| 13 |
<p>Vulnerability in the Oracle VM VirtualBox product of Oracle |
| 14 |
Virtualization (component: Core). Supported versions that are |
| 15 |
affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable |
| 16 |
vulnerability allows high privileged attacker with logon to the |
| 17 |
infrastructure where Oracle VM VirtualBox executes to compromise |
| 18 |
Oracle VM VirtualBox. Successful attacks require human interaction |
| 19 |
from a person other than the attacker. Successful attacks of this |
| 20 |
vulnerability can result in unauthorized ability to cause a hang |
| 21 |
or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. |
| 22 |
CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: |
| 23 |
(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).</p> |
| 24 |
</blockquote> |
| 25 |
</body> |
| 26 |
</description> |
| 27 |
<references> |
| 28 |
<cvename>CVE-2023-22016</cvename> |
| 29 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-22016</url> |
| 30 |
</references> |
| 31 |
<dates> |
| 32 |
<discovery>2023-07-18</discovery> |
| 33 |
<entry>2023-07-19</entry> |
| 34 |
</dates> |
| 35 |
</vuln> |
| 36 |
|
| 37 |
<vuln vid="cf40e8b7-264d-11ee-a468-80fa5b29d485"> |
| 38 |
<topic>virtualbox-ose -- multiple vulnerabilities</topic> |
| 39 |
<affects> |
| 40 |
<package> |
| 41 |
<name>virtualbox-ose</name> |
| 42 |
<range><lt>6.1.46</lt></range> |
| 43 |
</package> |
| 44 |
</affects> |
| 45 |
<description> |
| 46 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 47 |
<p>secalert_us@oracle.com reports:</p> |
| 48 |
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html"> |
| 49 |
<p>Vulnerability in the Oracle VM VirtualBox product of Oracle |
| 50 |
Virtualization (component: Core). Supported versions that are |
| 51 |
affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable |
| 52 |
vulnerability allows low privileged attacker with logon to the |
| 53 |
infrastructure where Oracle VM VirtualBox executes to compromise |
| 54 |
Oracle VM VirtualBox. Successful attacks of this vulnerability can |
| 55 |
result in unauthorized ability to cause a hang or frequently |
| 56 |
repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: |
| 57 |
This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score |
| 58 |
5.5 (Availability impacts). CVSS Vector: |
| 59 |
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</p> |
| 60 |
</blockquote> |
| 61 |
</body> |
| 62 |
</description> |
| 63 |
<references> |
| 64 |
<cvename>CVE-2023-22017</cvename> |
| 65 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-22017</url> |
| 66 |
</references> |
| 67 |
<dates> |
| 68 |
<discovery>2023-07-18</discovery> |
| 69 |
<entry>2023-07-19</entry> |
| 70 |
</dates> |
| 71 |
</vuln> |
| 72 |
|
| 73 |
<vuln vid="bc90e894-264b-11ee-a468-80fa5b29d485"> |
| 74 |
<topic>virtualbox-ose -- multiple vulnerabilities</topic> |
| 75 |
<affects> |
| 76 |
<package> |
| 77 |
<name>virtualbox-ose</name> |
| 78 |
<range><lt>6.1.46</lt></range> |
| 79 |
</package> |
| 80 |
</affects> |
| 81 |
<description> |
| 82 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 83 |
<p>secalert_us@oracle.com reports:</p> |
| 84 |
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html"> |
| 85 |
<p>Vulnerability in the Oracle VM VirtualBox product of Oracle |
| 86 |
Virtualization (component: Core). Supported versions that are |
| 87 |
affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to |
| 88 |
exploit vulnerability allows unauthenticated attacker with network |
| 89 |
access via RDP to compromise Oracle VM VirtualBox. Successful |
| 90 |
attacks of this vulnerability can result in takeover of Oracle VM |
| 91 |
VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity |
| 92 |
and Availability impacts). CVSS Vector: |
| 93 |
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</p> |
| 94 |
</blockquote> |
| 95 |
</body> |
| 96 |
</description> |
| 97 |
<references> |
| 98 |
<cvename>CVE-2023-22018</cvename> |
| 99 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-22018</url> |
| 100 |
</references> |
| 101 |
<dates> |
| 102 |
<discovery>2023-07-18</discovery> |
| 103 |
<entry>2023-07-19</entry> |
| 104 |
</dates> |
| 105 |
</vuln> |
| 106 |
|
| 1 |
<vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc"> |
107 |
<vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc"> |
| 2 |
<topic>element-web -- Cross site scripting in Export Chat feature</topic> |
108 |
<topic>element-web -- Cross site scripting in Export Chat feature</topic> |
| 3 |
<affects> |
109 |
<affects> |
|
Lines 4757-4762
Link Here
|
| 4757 |
<name>openssl-quic</name> |
4863 |
<name>openssl-quic</name> |
| 4758 |
<range><lt>3.0.8_1</lt></range> |
4864 |
<range><lt>3.0.8_1</lt></range> |
| 4759 |
</package> |
4865 |
</package> |
|
|
4866 |
<package> |
| 4867 |
<name>virtualbox-ose</name> |
| 4868 |
<range><lt>6.1.46</lt></range> |
| 4869 |
</package> |
| 4760 |
</affects> |
4870 |
</affects> |
| 4761 |
<description> |
4871 |
<description> |
| 4762 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
4872 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
|
Lines 4779-4785
Link Here
|
| 4779 |
<dates> |
4889 |
<dates> |
| 4780 |
<discovery>2023-03-23</discovery> |
4890 |
<discovery>2023-03-23</discovery> |
| 4781 |
<entry>2023-03-24</entry> |
4891 |
<entry>2023-03-24</entry> |
| 4782 |
<modified>2023-03-24</modified> |
4892 |
<modified>2023-07-19</modified> |
| 4783 |
</dates> |
4893 |
</dates> |
| 4784 |
</vuln> |
4894 |
</vuln> |
| 4785 |
|
4895 |
|