Gentoo update for VirtualBox
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2020-14872 CVE-2020-14881 CVE-2020-14884 CVE-2020-14885 CVE-2020-14886 CVE-2020-14889 CVE-2020-14892 CVE-2021-2073 CVE-2021-2074 CVE-2021-2086 CVE-2021-2111 CVE-2021-2112 CVE-2021-2119 CVE-2021-2120 CVE-2021-2121 CVE-2021-2123 CVE-2021-2124 CVE-2021-2125 CVE-2021-2126 CVE-2021-2127 CVE-2021-2128 CVE-2021-2129 CVE-2021-2130 CVE-2021-2131 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #13 is available. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU47832
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14872
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Improper input validation
EUVDB-ID: #VU47833
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Improper input validation
EUVDB-ID: #VU47834
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14884
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Improper input validation
EUVDB-ID: #VU47835
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14885
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Improper input validation
EUVDB-ID: #VU47836
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14886
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Improper input validation
EUVDB-ID: #VU47837
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14889
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Improper input validation
EUVDB-ID: #VU47838
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14892
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Improper input validation
EUVDB-ID: #VU49875
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Improper input validation
EUVDB-ID: #VU49862
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2074
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Improper input validation
EUVDB-ID: #VU49865
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2086
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Improper input validation
EUVDB-ID: #VU49866
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2111
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Improper input validation
EUVDB-ID: #VU49867
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2112
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Improper input validation
EUVDB-ID: #VU49870
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2119
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Improper input validation
EUVDB-ID: #VU49871
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Improper input validation
EUVDB-ID: #VU49868
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2121
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Improper input validation
EUVDB-ID: #VU49878
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2123
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Improper input validation
EUVDB-ID: #VU49869
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Improper input validation
EUVDB-ID: #VU49874
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2125
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Improper input validation
EUVDB-ID: #VU49872
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Improper input validation
EUVDB-ID: #VU49876
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) Improper input validation
EUVDB-ID: #VU49864
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2128
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
22) Improper input validation
EUVDB-ID: #VU49863
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
23) Improper input validation
EUVDB-ID: #VU49877
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
24) Improper input validation
EUVDB-ID: #VU49873
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.18
Gentoo Linux: All versions
CPE2.3 External links
http://security.gentoo.org/
http://security.gentoo.org/glsa/202101-15
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
