Multiple vulnerabilities in Oracle VM VirtualBox
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2021-2123 CVE-2021-2130 CVE-2021-2127 CVE-2021-2073 CVE-2021-2125 CVE-2021-2131 CVE-2021-2126 CVE-2021-2120 CVE-2021-2119 CVE-2021-2124 CVE-2021-2121 CVE-2021-2112 CVE-2021-2111 CVE-2021-2086 CVE-2021-2128 CVE-2021-2129 CVE-2021-2074 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #9 is available. |
| Vulnerable software Subscribe |
Oracle VM VirtualBox Server applications / Virtualization software |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU49878
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2123
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Improper input validation
EUVDB-ID: #VU49877
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2130
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Improper input validation
EUVDB-ID: #VU49876
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2127
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Improper input validation
EUVDB-ID: #VU49875
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2073
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Improper input validation
EUVDB-ID: #VU49874
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2125
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Improper input validation
EUVDB-ID: #VU49873
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2131
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Improper input validation
EUVDB-ID: #VU49872
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2126
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Improper input validation
EUVDB-ID: #VU49871
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2120
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Improper input validation
EUVDB-ID: #VU49870
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2119
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Improper input validation
EUVDB-ID: #VU49869
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2124
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Improper input validation
EUVDB-ID: #VU49868
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2121
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Improper input validation
EUVDB-ID: #VU49867
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2112
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Improper input validation
EUVDB-ID: #VU49866
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2111
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Improper input validation
EUVDB-ID: #VU49865
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2086
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Improper input validation
EUVDB-ID: #VU49864
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2128
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Improper input validation
EUVDB-ID: #VU49863
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2129
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Improper input validation
EUVDB-ID: #VU49862
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2074
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle VM VirtualBox: 6.1.0 - 6.1.16
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/cpujan2021.html?151
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
