Date:      Thu, 20 Jul 2023 06:41:35 GMT
From:      Fernando Apesteguía <fernape@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 7be06437cf4d - main - security/vuxml: Document vulnerabilities in emulators/virtualbox-ose*
Message-ID:  <202307200641.36K6fZSK036855@gitrepo.freebsd.org>

The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7be06437cf4dde2f4e096c225bebe415225f64ab

commit 7be06437cf4dde2f4e096c225bebe415225f64ab
Author:     Patrick R Groeneveld <groenveld@acm.org>
AuthorDate: 2023-07-20 06:40:26 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-07-20 06:40:26 +0000

    security/vuxml: Document vulnerabilities in emulators/virtualbox-ose*
    
    ChangeLog: https://www.oracle.com/security-alerts/
    
    PR:             271141
    Reported by:    grahamperrin@freebsd.org
---
 security/vuxml/vuln/2023.xml | 112 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 111 insertions(+), 1 deletion(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 432b181ed6d3..3f3efe62dd05 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,109 @@
+  <vuln vid="f32b1fbd-264d-11ee-a468-80fa5b29d485">
+    <topic>virtualbox-ose -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>virtualbox-ose</name>
+	<range><lt>6.1.46</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>secalert_us@oracle.com reports:</p>
+	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">;
+	  <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
+	Virtualization (component: Core).  Supported versions that are
+	affected are Prior to 6.1.46 and Prior to 7.0.10.  Easily exploitable
+	vulnerability allows high privileged attacker with logon to the
+	infrastructure where Oracle VM VirtualBox executes to compromise
+	Oracle VM VirtualBox.  Successful attacks require human interaction
+	from a person other than the attacker.  Successful attacks of this
+	vulnerability can result in unauthorized ability to cause a hang
+	or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.
+	CVSS 3.1 Base Score 4.2 (Availability impacts).  CVSS Vector:
+	(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-22016</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22016</url>;
+    </references>
+    <dates>
+      <discovery>2023-07-18</discovery>
+      <entry>2023-07-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cf40e8b7-264d-11ee-a468-80fa5b29d485">
+    <topic>virtualbox-ose -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>virtualbox-ose</name>
+	<range><lt>6.1.46</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>secalert_us@oracle.com reports:</p>
+	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">;
+	  <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
+	Virtualization (component: Core).  Supported versions that are
+	affected are Prior to 6.1.46 and Prior to 7.0.10.  Easily exploitable
+	vulnerability allows low privileged attacker with logon to the
+	infrastructure where Oracle VM VirtualBox executes to compromise
+	Oracle VM VirtualBox.  Successful attacks of this vulnerability can
+	result in unauthorized ability to cause a hang or frequently
+	repeatable crash (complete DOS) of Oracle VM VirtualBox.  Note:
+	This vulnerability applies to Windows VMs only.  CVSS 3.1 Base Score
+	5.5 (Availability impacts).  CVSS Vector:
+	(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-22017</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22017</url>;
+    </references>
+    <dates>
+      <discovery>2023-07-18</discovery>
+      <entry>2023-07-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="bc90e894-264b-11ee-a468-80fa5b29d485">
+    <topic>virtualbox-ose -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>virtualbox-ose</name>
+	<range><lt>6.1.46</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>secalert_us@oracle.com reports:</p>
+	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">;
+	  <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
+	Virtualization (component: Core).  Supported versions that are
+	affected are Prior to 6.1.46 and Prior to 7.0.10.  Difficult to
+	exploit vulnerability allows unauthenticated attacker with network
+	access via RDP to compromise Oracle VM VirtualBox.  Successful
+	attacks of this vulnerability can result in takeover of Oracle VM
+	VirtualBox.  CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity
+	and Availability impacts).  CVSS Vector:
+	(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-22018</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22018</url>;
+    </references>
+    <dates>
+      <discovery>2023-07-18</discovery>
+      <entry>2023-07-19</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc">
     <topic>element-web -- Cross site scripting in Export Chat feature</topic>
     <affects>
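Review bot: All three new entries carry the topic `virtualbox-ose -- multiple vulnerabilities`, yet each documents exactly one CVE (CVE-2023-22016, CVE-2023-22017, CVE-2023-22018) with identical `<affects>` and `<dates>` blocks. Either merge them into a single entry with three `<cvename>` elements, or give each a topic that tells them apart; the quoted text supports that (denial of service for the first two, one of them limited to Windows VMs, and takeover via RDP for the third). Separately, the quoted advisory says "Prior to 6.1.46 and Prior to 7.0.10" and the subject says `virtualbox-ose*`, but the only package listed is `virtualbox-ose` with `<lt>6.1.46</lt>`; if other ports matching that glob or a 7.0 branch are packaged, they need their own `<package>` ranges.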
@@ -4757,6 +4863,10 @@
 	<name>openssl-quic</name>
 	<range><lt>3.0.8_1</lt></range>
       </package>
+      <package>
+	<name>virtualbox-ose</name>
+	<range><lt>6.1.46</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
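Review bot: The added `<package>` block for `virtualbox-ose` extends an existing entry that so far lists `openssl-quic`, but neither the commit message nor the hunk says which CVE ties VirtualBox to that entry. The message only links the Oracle security alerts index; please name the CVE or advisory section that justifies this addition so the `<lt>6.1.46</lt>` bound can be checked, and confirm that the entry's `<topic>` (outside the visible context) still reads correctly with this package in `<affects>`.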
@@ -4779,7 +4889,7 @@
     <dates>
       <discovery>2023-03-23</discovery>
       <entry>2023-03-24</entry>
-      <modified>2023-03-24</modified>
+      <modified>2023-07-19</modified>
     </dates>
   </vuln>
 
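Review bot: `<modified>2023-07-19</modified>` is one day earlier than the CommitDate of 2023-07-20 in the header, and the new `<entry>2023-07-19</entry>` values in the first hunk have the same offset. If these dates are meant to record when the change landed in the tree, set them to the commit date; if they record when the patch was prepared, say so in the commit message.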