Risk | High |
Patch available | YES |
Number of vulnerabilities | 36 |
CVE-ID | CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 CVE-2022-21394 CVE-2022-21465 CVE-2022-21471 CVE-2022-21487 CVE-2022-21488 CVE-2022-21554 CVE-2022-21571 |
CWE-ID | CWE-20 CWE-125 CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system app-emulation/virtualbox-modules Operating systems & Components / Operating system package or component app-emulation/virtualbox-guest-additions Operating systems & Components / Operating system package or component app-emulation/virtualbox-extpack-oracle Operating systems & Components / Operating system package or component app-emulation/virtualbox-additions Operating systems & Components / Operating system package or component app-emulation/virtualbox Operating systems & Components / Operating system package or component |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
EUVDB-ID: #VU52432
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52429
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2250
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52428
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2264
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52443
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2266
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52430
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2279
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52434
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2280
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52435
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52436
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2282
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52437
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2283
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52438
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2284
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52439
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2285
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52440
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2286
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52441
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2287
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52446
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2291
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52444
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2296
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52445
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2297
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52442
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2306
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52431
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2309
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52433
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2310
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52447
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55097
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2409
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55100
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2442
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55098
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2443
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55099
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2454
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67019
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2475
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67013
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35538
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35540
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67018
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35542
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67014
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35545
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to access sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to access sensitive information or perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59809
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21394
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the implementation of the TFTP server. A local user can view files on the system.
Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62436
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21465
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62437
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21471
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62438
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21487
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62439
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65551
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21554
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65550
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21571
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36
Gentoo Linux: All versions
app-emulation/virtualbox-modules: before 6.1.36
app-emulation/virtualbox-guest-additions: before 6.1.36
app-emulation/virtualbox-extpack-oracle: before 6.1.36
app-emulation/virtualbox-additions: before 6.1.36
app-emulation/virtualbox: before 6.1.36
CPE2.3 External linkshttp://security.gentoo.org/glsa/202208-36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.