| VuXML ID | Description |
|---|
| 1ba034fb-ca38-11ed-b242-d4c9ef517024 | OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
The OpenSSL project reports:
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.
Discovery 2023-03-23
Entry 2023-03-24
Modified 2023-07-19
openssl
< 1.1.1t,1_1
openssl30
< 3.0.8_1
openssl31
< 3.1.0_1
openssl-quic
< 3.0.8_1
virtualbox-ose
< 6.1.46
CVE-2023-0464
https://www.openssl.org/news/secadv/20230322.txt
|
| f32b1fbd-264d-11ee-a468-80fa5b29d485 | virtualbox-ose -- multiple vulnerabilities
secalert_us@oracle.com reports:
Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualization (component: Core). Supported versions that are
affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable
vulnerability allows high privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise
Oracle VM VirtualBox. Successful attacks require human interaction
from a person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.
CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46
CVE-2023-22016
https://nvd.nist.gov/vuln/detail/CVE-2023-22016
|
| e1387e95-08d0-11ed-be26-001999f8d30b | VirtualBox -- Multiple vulnerabilities
Oracle reports:
Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Oracle
VM VirtualBox executes to compromise Oracle VM VirtualBox.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of Oracle VM VirtualBox.
Discovery 2022-07-20
Entry 2022-07-21
virtualbox-ose
< 6.1.36
CVE-2022-21554
CVE-2022-21571
https://www.oracle.com/security-alerts/cpujul2022.html
|
| cf40e8b7-264d-11ee-a468-80fa5b29d485 | virtualbox-ose -- multiple vulnerabilities
secalert_us@oracle.com reports:
Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualization (component: Core). Supported versions that are
affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable
vulnerability allows low privileged attacker with logon to the
infrastructure where Oracle VM VirtualBox executes to compromise
Oracle VM VirtualBox. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of Oracle VM VirtualBox. Note:
This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score
5.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46
CVE-2023-22017
https://nvd.nist.gov/vuln/detail/CVE-2023-22017
|
| bc90e894-264b-11ee-a468-80fa5b29d485 | virtualbox-ose -- multiple vulnerabilities
secalert_us@oracle.com reports:
Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualization (component: Core). Supported versions that are
affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via RDP to compromise Oracle VM VirtualBox. Successful
attacks of this vulnerability can result in takeover of Oracle VM
VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity
and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46
CVE-2023-22018
https://nvd.nist.gov/vuln/detail/CVE-2023-22018
|