Gentoo update for Oracle VirtualBox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 36 |
| CVE-ID | CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 CVE-2022-21394 CVE-2022-21465 CVE-2022-21471 CVE-2022-21487 CVE-2022-21488 CVE-2022-21554 CVE-2022-21571 |
| CWE-ID | CWE-20 CWE-125 CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system app-emulation/virtualbox-modules Operating systems & Components / Operating system package or component app-emulation/virtualbox-guest-additions Operating systems & Components / Operating system package or component app-emulation/virtualbox-extpack-oracle Operating systems & Components / Operating system package or component app-emulation/virtualbox-additions Operating systems & Components / Operating system package or component app-emulation/virtualbox Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU52432
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Improper input validation
EUVDB-ID: #VU52429
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2250
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Improper input validation
EUVDB-ID: #VU52428
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2264
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Improper input validation
EUVDB-ID: #VU52443
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2266
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Improper input validation
EUVDB-ID: #VU52430
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-2279
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Improper input validation
EUVDB-ID: #VU52434
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2280
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Improper input validation
EUVDB-ID: #VU52435
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Improper input validation
EUVDB-ID: #VU52436
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2282
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Improper input validation
EUVDB-ID: #VU52437
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2283
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Improper input validation
EUVDB-ID: #VU52438
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2284
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Improper input validation
EUVDB-ID: #VU52439
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2285
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Improper input validation
EUVDB-ID: #VU52440
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2286
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Improper input validation
EUVDB-ID: #VU52441
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2287
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Improper input validation
EUVDB-ID: #VU52446
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2291
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Improper input validation
EUVDB-ID: #VU52444
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2296
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Improper input validation
EUVDB-ID: #VU52445
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2297
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Improper input validation
EUVDB-ID: #VU52442
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2306
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Improper input validation
EUVDB-ID: #VU52431
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2309
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Improper input validation
EUVDB-ID: #VU52433
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2310
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Improper input validation
EUVDB-ID: #VU52447
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) Improper input validation
EUVDB-ID: #VU55097
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2409
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
22) Improper input validation
EUVDB-ID: #VU55100
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2442
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
23) Improper input validation
EUVDB-ID: #VU55098
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2443
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
24) Improper input validation
EUVDB-ID: #VU55099
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2454
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
25) Improper input validation
EUVDB-ID: #VU67019
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2475
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
26) Improper input validation
EUVDB-ID: #VU67013
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35538
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
27) Improper input validation
EUVDB-ID: #VU67015
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35540
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
28) Improper input validation
EUVDB-ID: #VU67018
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35542
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
29) Improper input validation
EUVDB-ID: #VU67014
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35545
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to access sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to access sensitive information or perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
30) Path traversal
EUVDB-ID: #VU59809
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21394
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the implementation of the TFTP server. A local user can view files on the system.
Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
31) Improper input validation
EUVDB-ID: #VU62436
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21465
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
32) Improper input validation
EUVDB-ID: #VU62437
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21471
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
33) Improper input validation
EUVDB-ID: #VU62438
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21487
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
34) Improper input validation
EUVDB-ID: #VU62439
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
35) Improper input validation
EUVDB-ID: #VU65551
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21554
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
36) Improper input validation
EUVDB-ID: #VU65550
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21571
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External links
http://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
