SB20200114159 - Multiple vulnerabilities in Oracle VM VirtualBox

Main Vulnerability Database SB20200114159

SB20200114159 - Multiple vulnerabilities in Oracle VM VirtualBox

Published: January 14, 2020

Security Bulletin ID SB20200114159

Severity

Low

Patch available

YES

Number of vulnerabilities 18

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2020-2693)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

2) Improper input validation (CVE-ID: CVE-2020-2727)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

3) Improper input validation (CVE-ID: CVE-2020-2678)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to read and manipulate data.

4) Improper input validation (CVE-ID: CVE-2020-2725)

The vulnerability allows a local authenticated user to a crash the entire system.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to a crash the entire system.

5) Improper input validation (CVE-ID: CVE-2020-2705)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

6) Improper input validation (CVE-ID: CVE-2020-2704)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

7) Improper input validation (CVE-ID: CVE-2020-2703)

The vulnerability allows a local authenticated user to a crash the entire system.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to a crash the entire system.

8) Improper input validation (CVE-ID: CVE-2020-2692)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

9) Improper input validation (CVE-ID: CVE-2020-2691)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

10) Improper input validation (CVE-ID: CVE-2020-2690)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

11) Improper input validation (CVE-ID: CVE-2020-2689)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

12) Improper input validation (CVE-ID: CVE-2020-2681)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

13) Improper input validation (CVE-ID: CVE-2020-2726)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

14) Improper input validation (CVE-ID: CVE-2020-2702)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

15) Improper input validation (CVE-ID: CVE-2020-2701)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

16) Improper input validation (CVE-ID: CVE-2020-2698)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

17) Improper input validation (CVE-ID: CVE-2020-2682)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

18) Improper input validation (CVE-ID: CVE-2020-2674)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://www.oracle.com/security-alerts/cpujan2020.html?151