This Critical Patch Update contains 25 new security patches for Oracle Virtualization. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials.

The English text form of this Risk Matrix can be found here: https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR

Notes:
1. The CVE-2020-14628 is applicable to Windows VM only.
2. The CVE-2020-14711 is applicable to macOS host only.
Thank you for the report. What is the version that we need to update to to address these vulnerabilities in each branch?
> Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12.

Fixed in 5.2.44 (5.2.34 in ports: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244212), 6.0.24 and 6.1.12 (both not in ports: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234878).
CVEs added to vuxml in r542548.

Thanks for reporting!