Gentoo update for Oracle VirtualBox



Published: 2022-09-06
Risk: High
Patch available: YES
Number of vulnerabilities: 36
CVE-ID: CVE-2021-2145, CVE-2021-2250, CVE-2021-2264, CVE-2021-2266, CVE-2021-2279, CVE-2021-2280, CVE-2021-2281, CVE-2021-2282, CVE-2021-2283, CVE-2021-2284, CVE-2021-2285, CVE-2021-2286, CVE-2021-2287, CVE-2021-2291, CVE-2021-2296, CVE-2021-2297, CVE-2021-2306, CVE-2021-2309, CVE-2021-2310, CVE-2021-2312, CVE-2021-2409, CVE-2021-2442, CVE-2021-2443, CVE-2021-2454, CVE-2021-2475, CVE-2021-35538, CVE-2021-35540, CVE-2021-35542, CVE-2021-35545, CVE-2022-21394, CVE-2022-21465, CVE-2022-21471, CVE-2022-21487, CVE-2022-21488, CVE-2022-21554, CVE-2022-21571
CWE-ID: CWE-20, CWE-125, CWE-22
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Gentoo Linux
Operating systems & Components / Operating system

app-emulation/virtualbox-modules
Operating systems & Components / Operating system package or component

app-emulation/virtualbox-guest-additions
Operating systems & Components / Operating system package or component

app-emulation/virtualbox-extpack-oracle
Operating systems & Components / Operating system package or component

app-emulation/virtualbox-additions
Operating systems & Components / Operating system package or component

app-emulation/virtualbox
Operating systems & Components / Operating system package or component

Vendor: Gentoo

Security Bulletin

This security bulletin contains information about 36 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU52432

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2145

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU52429

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2250

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU52428

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2264

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU52443

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2266

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU52430

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2279

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU52434

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2280

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU52435

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU52436

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2282

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU52437

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2283

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU52438

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2284

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU52439

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2285

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU52440

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2286

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU52441

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2287

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU52446

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2291

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU52444

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2296

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU52445

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2297

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU52442

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2306

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU52431

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2309

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU52433

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2310

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU52447

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU55097

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2409

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU55100

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2442

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to crash the entire system.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to crash the entire system.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU55098

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2443

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU55099

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU67019

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2475

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU67013

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35538

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU67015

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35540

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU67018

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35542

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU67014

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35545

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to access sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to access sensitive information or perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Path traversal

EUVDB-ID: #VU59809

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21394

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the implementation of the TFTP server. A local user can view files on the system.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU62436

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21465

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU62437

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21471

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to crash the entire system.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to crash the entire system.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU62438

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21487

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU62439

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21488

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU65551

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21554

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU65550

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21571

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Update the affected packages.
app-emulation/virtualbox to version: 6.1.36
app-emulation/virtualbox-additions to version: 6.1.36
app-emulation/virtualbox-extpack-oracle to version: 6.1.36
app-emulation/virtualbox-guest-additions to version: 6.1.36
app-emulation/virtualbox-modules to version: 6.1.36

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/virtualbox-modules: before 6.1.36

app-emulation/virtualbox-guest-additions: before 6.1.36

app-emulation/virtualbox-extpack-oracle: before 6.1.36

app-emulation/virtualbox-additions: before 6.1.36

app-emulation/virtualbox: before 6.1.36

External links

http://security.gentoo.org/glsa/202208-36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


